Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deprecated hint on BasicAuthenticationFilter #13231

Closed
mczul opened this issue May 25, 2023 · 1 comment
Closed

Deprecated hint on BasicAuthenticationFilter #13231

mczul opened this issue May 25, 2023 · 1 comment
Assignees
@jzheaux
Labels
in: docs An issue in Documentation or samples type: bug A general bug

Comments

@mczul
Copy link
Contributor

mczul commented May 25, 2023

Hi Spring Security Team,

first of all: Thanks for your effort and your amazing work!

I recently read through the JavaDoc of BasicAuthenticationFilter and was a bit irritated by lines 84 to 86 where Digest Auth was described as a better alternative for Basic Auth which is certainly a deprecated artifact and conflicts with the warning stated on the official tutorial.

It's not a big deal for readers with basic security knowledge... but maybe unsophisticated project setups can be prevented if deprecated hints like this are removed.

spring-security/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java

Lines 84 to 86 in 9ec3e80

* undesirable in many situations. Digest authentication is also provided by Spring
* Security and should be used instead of Basic authentication wherever possible. See
* {@link org.springframework.security.web.authentication.www.DigestAuthenticationFilter}.

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label May 25, 2023
@jzheaux
Copy link
Contributor

jzheaux commented May 30, 2023

Good catch, @mczul! Can you provide a PR to update the JavaDoc? And would you please base that change on 5.7.x?

@jzheaux jzheaux self-assigned this May 30, 2023
@jzheaux jzheaux added in: docs An issue in Documentation or samples type: bug A general bug and removed status: waiting-for-triage An issue we've not yet triaged labels May 30, 2023
@mczul mczul mentioned this issue May 30, 2023
Merged
@jzheaux jzheaux mentioned this issue Jun 5, 2023
Closed
@jzheaux jzheaux closed this as completed in 9ac286e Jun 5, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

Labels
in: docs An issue in Documentation or samples type: bug A general bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jzheaux @mczul @spring-projects-issues