Announcement Announcement Module
No announcement yet.
Authentication.getDetails() returns String in v0.8.1 Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Authentication.getDetails() returns String in v0.8.1

    I have upgraded to 0.8.1 but when I call Authentication.getDetails() instead of getting an instance of WebAuthenticationDetails I get a string representation of the instance.

    This appears to be being caused by a line in PasswordDaoAuthenticationProvider, which calls toString on the details object before copying it to the new authentication object. Is this intentional or a bug?:

      protected Authentication createSuccessAuthentication(Object principal,
            Authentication authentication, UserDetails user) {
            // Ensure we return the original credentials the user supplied,
            // so subsequent attempts are successful even with encoded passwords.
            // Also ensure we return the original getDetails(), so that future
            // authentication events after cache expiry contain the details
            UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(principal,
                    authentication.getCredentials(), user.getAuthorities());
            result.setDetails((authentication.getDetails() != null)
                ? authentication.getDetails().toString() : null);
            return result;

  • #2
    I just checked DaoAuthenticationProvider version 1.30, which is what is included in release 0.8.1, and it does not use .toString() as per you quote. Please check the version of DaoAuthenticationProvider that you quoted, as I suspect you're looking at a pre-0.8.1 version.


    • #3
      It is the PasswordDaoAuthenticationProvider that has the toString call.


      • #4
        Thanks for the pointer. I just fixed it in CVS.