SEC-327: Add includeDetailsObject property.

core/src/main/java/org/acegisecurity/providers/dao/DaoAuthenticationProvider.java

@@ -44,6 +44,7 @@ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthentication
     private PasswordEncoder passwordEncoder = new PlaintextPasswordEncoder();
     private SaltSource saltSource;
     private UserDetailsService userDetailsService;
+    private boolean includeDetailsObject = true;
 
     //~ Methods ========================================================================================================
 
@@ -58,7 +59,7 @@ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthentication
 
         if (!passwordEncoder.isPasswordValid(userDetails.getPassword(), authentication.getCredentials().toString(), salt)) {
             throw new BadCredentialsException(messages.getMessage(
-                    "AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"), userDetails);
+                    "AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"), includeDetailsObject ? userDetails : null);
         }
     }
 
@@ -120,4 +121,12 @@ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthentication
     public void setUserDetailsService(UserDetailsService userDetailsService) {
         this.userDetailsService = userDetailsService;
     }
+
+	public boolean isIncludeDetailsObject() {
+		return includeDetailsObject;
+	}
+
+	public void setIncludeDetailsObject(boolean includeDetailsObject) {
+		this.includeDetailsObject = includeDetailsObject;
+	}
 }

core/src/main/java/org/acegisecurity/providers/ldap/LdapAuthenticationProvider.java

@@ -120,10 +120,11 @@ public class LdapAuthenticationProvider extends AbstractUserDetailsAuthenticatio
 
     private LdapAuthenticator authenticator;
     private LdapAuthoritiesPopulator authoritiesPopulator;
+    private boolean includeDetailsObject = true;
 
     //~ Constructors ===================================================================================================
 
-    /**
+	/**
      * Create an initialized instance to the values passed as arguments
      *
      * @param authenticator
@@ -159,7 +160,7 @@ public class LdapAuthenticationProvider extends AbstractUserDetailsAuthenticatio
         throws AuthenticationException {
         if (!userDetails.getPassword().equals(authentication.getCredentials().toString())) {
             throw new BadCredentialsException(messages.getMessage(
-                    "AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"), userDetails);
+                    "AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"), includeDetailsObject ? userDetails : null);
         }
     }
 
@@ -220,4 +221,13 @@ public class LdapAuthenticationProvider extends AbstractUserDetailsAuthenticatio
             throw new AuthenticationServiceException(ldapAccessFailure.getMessage(), ldapAccessFailure);
         }
     }
+    
+    public boolean isIncludeDetailsObject() {
+		return includeDetailsObject;
+	}
+
+	public void setIncludeDetailsObject(boolean includeDetailsObject) {
+		this.includeDetailsObject = includeDetailsObject;
+	}
+
 }