WSS4J SpringDigestPasswordValidationCallbackHandler uses WSUsernameTokenPrincipal instead of UserDetails for creating authentication token? [SWS-693] #787
I'm using SpringDigestPasswordValidationCallbackHandler for WSS4J Authentication.
This is the code that handles SecurityContextHolder:
I think that the Token should reference the UserDetails object as follows:
so that the SecurityContext contains my custom implementation of the UserDetails object...
Is this the intended behaviour?
Tareq Abedrabbo commented
Thanks for spotting this. I think you're right, SpringDigestPasswordValidationCallbackHandler should pass the UserDetails instance that it loads instead of creating a WSUsernameTokenPrincipal. However, I prefer not to include the fix in a minor version since, as you understand, it has the potential of causing ClassCastException to users who are currently relying on the fact that the principal is a WSUsernameTokenPrincipal. For this reason, I'm rescheduling this to 2.1.