mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-06-13 23:52:14 +00:00
a19cc8f1c7
Previously the namespace configuration did not properly set the eraseCredentialsAfterAuthentication property on the parent AuthenticationProvider when using http@authentication-manager-ref. Now the ProviderManager that is created by the namespace consults the original AuthenticationManager to determine if eraseCredentialsAfterAuthentication should be set on the wrapped instance. If the original is not a ProviderManager the eraseCredentialsAfterAuthentication is set to false since we should not "magically" add behavior to the custom AuthenticationManager without knowing the desired behavior.