Karel Miarka wrote:
Yes, I agree it's worthwhile to have the User object available from an
Authentication. I think we got to the point of agreeing it would be
returned from Authentication.getCredentials() and I asked if this would
cause concerns for anybody. I didn't receive any feedback, so I
Scott Evans wrote:
Actually, the default implementation of
isAuthenticationCorrect(authentication, user) could be the code found
in the current isPasswordCorrect method.
For the filter, I think it might make more sense it just create a new
one rather than adding a hook for subclasses to instant
