Jan 16th, 2006, 06:24 PM
X509 Authentication question
When you use authentication with username/password you end up with a UsernamePasswordAuthenticationToken with authenticated set to 'true'. On the other hand, if you use X509 Authentication you end up with a X509AuthenticationToken with autheticated set to 'false'.
Is there any rationale behind this difference in behaviour that is obvious or explained somewhere? I ask because using X509 Authentication leads to a reauthentication in the service layer, but I cannot see the benfit.
Jan 17th, 2006, 07:11 PM
The explanation is probably that it was written before the alwaysReauthenticate property was added to AbstractSecurityInterceptor and at that time the "authenticated" property wasn't relevant to it. It should probably be brought into line with UsernamePasswordAuthenticationToken. I'll have a look at the code.
Thanks for pointing this out.
Jan 26th, 2006, 07:09 AM