X509 Authentication question

  • X509 Authentication question

    When you use authentication with username/password you end up with a UsernamePasswordAuthenticationToken with authenticated set to 'true'. On the other hand, if you use X509 Authentication you end up with an X509AuthenticationToken with authenticated set to 'false'.

    Is there any rationale behind this difference in behaviour that is obvious or explained somewhere? I ask because using X509 Authentication leads to a reauthentication in the service layer, but I cannot see the benefit.

  • #2
    The explanation is probably that it was written before the alwaysReauthenticate property was added to AbstractSecurityInterceptor and at that time the "authenticated" property wasn't relevant to it. It should probably be brought into line with UsernamePasswordAuthenticationToken. I'll have a look at the code.

    Thanks for pointing this out.



    • #3
      JIRA Tracker:

      http://opensource2.atlassian.com/pro...browse/SEC-158

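Added example, not part of the thread and not the project's code: a simplified Java model of the behaviour discussed above, counting how often the authentication manager is consulted depending on the token's authenticated flag and on alwaysReauthenticate. The class, record and method names are hypothetical, the tokens are constructed samples, and the model assumes the manager's result replaces the token held for later invocations.

```java
public class ReauthenticationModel {
    // Hypothetical token: only the "authenticated" flag matters for this model.
    record Token(String principal, boolean authenticated) {}

    // Hypothetical authentication manager that counts how often it is consulted.
    static final class CountingManager {
        final boolean marksAuthenticated; // flag value set on the tokens it returns
        int calls = 0;
        CountingManager(boolean marksAuthenticated) {
            this.marksAuthenticated = marksAuthenticated;
        }
        Token authenticate(Token request) {
            calls++;
            return new Token(request.principal(), marksAuthenticated);
        }
    }

    // Model of the check made before each secured invocation (assumption of this
    // model: the manager's result replaces the token used for later invocations).
    static int managerCalls(Token initial, CountingManager manager,
                            boolean alwaysReauthenticate, int invocations) {
        Token current = initial;
        for (int i = 0; i < invocations; i++) {
            if (current.authenticated() && !alwaysReauthenticate) {
                continue; // token is trusted as-is, the manager is not called
            }
            current = manager.authenticate(current);
        }
        return manager.calls;
    }

    public static void main(String[] args) {
        Token passwordStyle = new Token("alice", true);  // constructed sample
        Token x509Style = new Token("CN=alice", false);  // constructed sample
        int n = 3; // secured service-layer invocations per scenario

        System.out.println("flag=true, alwaysReauthenticate=false: "
                + managerCalls(passwordStyle, new CountingManager(true), false, n));
        System.out.println("flag=true, alwaysReauthenticate=true: "
                + managerCalls(passwordStyle, new CountingManager(true), true, n));
        System.out.println("flag=false, result still flagged false: "
                + managerCalls(x509Style, new CountingManager(false), false, n));
        System.out.println("flag=false, result flagged true: "
                + managerCalls(x509Style, new CountingManager(true), false, n));
    }
}
```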