SEC-2078: Updated Javadoc to reflect that updates to Principal will also trigger reauthentication

2025-06-23 12:32:13 +00:00 · 2012-12-06 09:03:07 -06:00 · 2012-12-06 09:03:07 -06:00 · ece4a0f067
commit ece4a0f067
parent 3fe7791266
1 changed files with 3 additions and 3 deletions
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java
@ -250,9 +250,9 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
    }

    /**
-     * If set, the pre-authenticated principal will be checked on each request and compared
-     * against the name of the current <tt>Authentication</tt> object. If a change is detected,
-     * the user will be reauthenticated.
+     * If set, the pre-authenticated principal will be checked on each request and compared against the name of the
+     * current <tt>Authentication</tt> object. A check to determine if {@link Authentication#getPrincipal()} is equal
+     * to the principal will also be performed. If a change is detected, the user will be reauthenticated.
     *
     * @param checkForPrincipalChanges
     */