diff --git a/docs/manual/src/docbook/preauth.xml b/docs/manual/src/docbook/preauth.xml
index b4fde44ccc..bb4b04f19d 100644
--- a/docs/manual/src/docbook/preauth.xml
+++ b/docs/manual/src/docbook/preauth.xml
@@ -52,34 +52,29 @@
data and submit it for authentication. By authentication
here, we
really just mean further processing to perhaps load the user's authorities, but the
standard Spring Security authentication architecture is followed.
-
-
- AbstractPreAuthenticatedAuthenticationDetailsSource
Like other Spring Security authentication filters, the pre-authentication filter
has an authenticationDetailsSource property which by default will
create a WebAuthenticationDetails object to store additional
information such as the session-identifier and originating IP address in the
- details property of the
- Authentication object. In cases where user role
+ details property of the
+ Authentication object. In cases where user role
information can be obtained from the pre-authentication mechanism, the data is also
- stored in this property. Subclasses of
- AbstractPreAuthenticatedAuthenticationDetailsSource use an
- extended details object which implements the
- GrantedAuthoritiesContainer interface, thus enabling
- the authentication provider to read the authorities which were externally allocated
- to the user. We'll look at a concrete example next.
+ stored in this property, with the details implementing the
+ GrantedAuthoritiesContainer interface. This
+ enables the authentication provider to read the authorities which were externally
+ allocated to the user. We'll look at a concrete example next.
J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
If the filter is configured with an
- authenticationDetailsSource which is an instance of this
+ authenticationDetailsSource which is an instance of this
class, the authority information is obtained by calling the
- isUserInRole(String role) method for each of a
+ isUserInRole(String role) method for each of a
pre-determined set of mappable roles
. The class gets these from a
configured MappableAttributesRetriever. Possible
implementations include hard-coding a list in the application context and
reading the role information from the <security-role>
information in a web.xml file. The pre-authentication
- sample application uses the latter approach.
+ sample application uses the latter approach.
There is an additional stage where the roles (or attributes) are mapped to
Spring Security GrantedAuthority objects using a
configured Attributes2GrantedAuthoritiesMapper.
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesAuthenticationDetails.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesAuthenticationDetails.java
index 204e9b26b6..bc3d7b888e 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesAuthenticationDetails.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesAuthenticationDetails.java
@@ -15,6 +15,7 @@ import org.springframework.util.Assert;
* @author Ruud Senden
* @since 2.0
*/
+@Deprecated
public class PreAuthenticatedGrantedAuthoritiesAuthenticationDetails extends AuthenticationDetails implements
MutableGrantedAuthoritiesContainer {
public static final long serialVersionUID = 1L;