How would I know for sure what the following line would return today and in future versions of Spring? I didn't find documentation about this. How can I know for sure what would Spring decide to assign to this field?
SecurityContextHolder.getContext().getAuthentication().getDetails()
According to this you can expect the Spanish Inquisition
Java Spring is not clear about what should one expect from getDetails of SecurityContext
We cannot say this, because I think Spring developers has given this choice to the security provider implementation.
If you have custom implementation, your security provider has to use one of AbstractAuthenticationToken. As part of AbstractAuthenticationToken you can set the details. AbstractAuthenticationToken.setDetails(details);
For Example, I use CAS(Central Authentication Service). CAS uses UsernamePasswordAuthenticationToken and set the details with DefaultServiceAuthenticationDetails
Which consists below details:
Details: org.springframework.security.cas.web.authentication.DefaultServiceAuthenticationDetails@950d14e5: RemoteIpAddress: xxx.xx.xx.xxx; SessionId: A0A0A0A0BB1B1B1B1ServiceUrl: https://local.example.com/test_application/j_spring_cas_security_check