SEC-1857: Use Principal.getName() in ContextPropagatingRemoteInvocation

This is a better option than using the toString() method where the latter doesn't return the username. e.g when the principal is a UserDetails.
2026-05-22 21:33:16 +00:00 · 2011-12-05 21:23:42 +00:00
parent 0de067ae63
commit 9fa6e78770
1 changed files with 1 additions and 1 deletions
@@ -65,7 +65,7 @@ public class ContextPropagatingRemoteInvocation extends RemoteInvocation {
        Authentication currentUser = SecurityContextHolder.getContext().getAuthentication();

        if (currentUser != null) {
-            principal = currentUser.getPrincipal().toString();
+            principal = currentUser.getName();
            credentials = currentUser.getCredentials().toString();
        } else {
            principal = credentials = null;