From 8fd2963e6b90d5ba3fcfa2c0b94933e3595cb734 Mon Sep 17 00:00:00 2001
From: Luke Taylor
Date: Tue, 1 Nov 2011 13:05:42 +0000
Subject: [PATCH] Deprecate storage of Authentication object in AuthenticationException.

---
 .../springframework/security/core/AuthenticationException.java | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/core/src/main/java/org/springframework/security/core/AuthenticationException.java b/core/src/main/java/org/springframework/security/core/AuthenticationException.java
index d6a5a642f7..8a14b4d37c 100644
--- a/core/src/main/java/org/springframework/security/core/AuthenticationException.java
+++ b/core/src/main/java/org/springframework/security/core/AuthenticationException.java
@@ -64,11 +64,14 @@ public abstract class AuthenticationException extends RuntimeException {

 /**
 * The authentication request which this exception corresponds to (may be {@code null})
+ * @deprecated to avoid potential leaking of sensitive information (e.g. through serialization/remoting).
 */
+ @Deprecated
 public Authentication getAuthentication() {
 return authentication;
 }

+ @Deprecated
 public void setAuthentication(Authentication authentication) {
 this.authentication = authentication;
 }
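Review bot: The `@Deprecated` added to `setAuthentication` has no Javadoc, so callers get a compiler warning with no reason; it should carry the getter's explanation, e.g. `/** @deprecated to avoid potential leaking of sensitive information (e.g. through serialization/remoting). */`. Deprecation alone also leaves the stored `Authentication`, which can hold credentials, in place: while existing callers still set it, the object travels with the exception whenever it is serialized or sent over remoting. The field declaration is outside this hunk, so this may already be handled, but if the field is not `transient`, marking it so would close the serialization path the new Javadoc names while keeping the accessors for compatibility. Neither tag names a replacement, so the `@deprecated` text could also tell callers not to rely on the exception carrying the authentication request.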