Polish AuthenticationRequest Property

- Add getter for reading the request
- Update BadCredentialsMixing to ignore authentication
- Allow exception to be mutable

Issue gh-16444

core/src/main/java/org/springframework/security/core/AuthenticationException.java

@@ -31,15 +31,7 @@ public abstract class AuthenticationException extends RuntimeException {
 	@Serial
 	private static final long serialVersionUID = 2018827803361503060L;
 
-	/**
+	private Authentication authenticationRequest;
-	 * The {@link Authentication} object representing the failed authentication attempt.
-	 * <p>
-	 * This field captures the authentication request that was attempted but ultimately
-	 * failed, providing critical information for diagnosing the failure and facilitating
-	 * debugging. If set, the value must not be null.
-	 * </p>
-	 */
-	private Authentication authRequest;
 
 	/**
 	 * Constructs an {@code AuthenticationException} with the specified message and root
@@ -49,7 +41,6 @@ public abstract class AuthenticationException extends RuntimeException {
 	 */
 	public AuthenticationException(String msg, Throwable cause) {
 		super(msg, cause);
-		this.authRequest = null;
 	}
 
 	/**
@@ -59,23 +50,33 @@ public abstract class AuthenticationException extends RuntimeException {
 	 */
 	public AuthenticationException(String msg) {
 		super(msg);
-		this.authRequest = null;
 	}
 
-
 	/**
-	 * Sets the {@link Authentication} object representing the failed authentication
+	 * Get the {@link Authentication} object representing the failed authentication
 	 * attempt.
 	 * <p>
-	 * This method allows the injection of the authentication request that resulted in a
+	 * This field captures the authentication request that was attempted but ultimately
-	 * failure. The provided {@code authRequest} should not be null if set.
+	 * failed, providing critical information for diagnosing the failure and facilitating
-	 * </p>
+	 * debugging
-	 * @param authRequest the authentication request associated with the failed
+	 * @since 6.5
-	 * authentication attempt.
 	 */
-	public void setAuthRequest(Authentication authRequest) {
+	public Authentication getAuthenticationRequest() {
-		Assert.notNull(authRequest, "AuthRequest cannot be null");
+		return this.authenticationRequest;
-		this.authRequest = authRequest;
+	}
+
+	/**
+	 * Set the {@link Authentication} object representing the failed authentication
+	 * attempt.
+	 * <p>
+	 * The provided {@code authenticationRequest} should not be null
+	 * @param authenticationRequest the authentication request associated with the failed
+	 * authentication attempt
+	 * @since 6.5
+	 */
+	public void setAuthenticationRequest(Authentication authenticationRequest) {
+		Assert.notNull(authenticationRequest, "authenticationRequest cannot be null");
+		this.authenticationRequest = authenticationRequest;
 	}
 
 }

core/src/main/java/org/springframework/security/jackson2/BadCredentialsExceptionMixin.java

@@ -40,7 +40,7 @@ import com.fasterxml.jackson.annotation.JsonTypeInfo;
  * @see CoreJackson2Module
  */
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
-@JsonIgnoreProperties(ignoreUnknown = true, value = { "cause", "stackTrace" })
+@JsonIgnoreProperties(ignoreUnknown = true, value = { "cause", "stackTrace", "authenticationRequest" })
 class BadCredentialsExceptionMixin {
 
 	/**

etc/checkstyle/checkstyle-suppressions.xml

@@ -38,6 +38,7 @@
 	<suppress files="AbstractOAuth2AuthorizationGrantRequestEntityConverter\.java" checks="SpringMethodVisibility"/>
 	<suppress files="JoseHeader\.java" checks="SpringMethodVisibility"/>
 	<suppress files="DefaultLoginPageGeneratingFilterTests\.java" checks="SpringLeadingWhitespace"/>
+	<suppress files="AuthenticationException\.java" checks="MutableException"/>
 
 	<!-- Lambdas that we can't replace with a method reference because a closure is required -->
 	<suppress files="BearerTokenAuthenticationFilter\.java" checks="SpringLambda"/>