Add Factory Authority When Authentication Succeeds

Issue gh-17933

ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticationProvider.java

@@ -33,6 +33,7 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.SpringSecurityMessageSource;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
 import org.springframework.security.core.authority.mapping.NullAuthoritiesMapper;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -50,6 +51,8 @@ import org.springframework.util.StringUtils;
  */
 public abstract class AbstractLdapAuthenticationProvider implements AuthenticationProvider, MessageSourceAware {
 
+	private static final String AUTHORITY = "FACTOR_PASSWORD";
+
 	protected final Log logger = LogFactory.getLog(getClass());
 
 	protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
@@ -100,8 +103,11 @@ public abstract class AbstractLdapAuthenticationProvider implements Authenticati
 			UserDetails user) {
 		Object password = this.useAuthenticationRequestCredentials ? authentication.getCredentials()
 				: user.getPassword();
-		UsernamePasswordAuthenticationToken result = UsernamePasswordAuthenticationToken.authenticated(user, password,
-				this.authoritiesMapper.mapAuthorities(user.getAuthorities()));
+		UsernamePasswordAuthenticationToken result = UsernamePasswordAuthenticationToken
+			.authenticated(user, password, this.authoritiesMapper.mapAuthorities(user.getAuthorities()))
+			.toBuilder()
+			.authorities((a) -> a.add(new SimpleGrantedAuthority(AUTHORITY)))
+			.build();
 		result.setDetails(authentication.getDetails());
 		this.logger.debug("Authenticated user");
 		return result;