SubjectDnX509PrincipalExtractor should update to getSubjectX500Principal #16980

Open
@jzheaux

Recent versions of Java state that getSubjectDn should no longer be used:

/**
  * @deprecated Use {@link #getSubjectX500Principal} instead. This method
  * returns the {@code subject} as an implementation specific
  * {@code Principal} object, which should not be relied upon by portable
  * code.
  */

However, since getSubjectDn is abstract, applications may be relying on provider implementations. For example, Bouncycastle returns an org.bouncycastle.jce.X509Principal instance for getSubjectDn and a javax.security.auth.x500.X500Principal for getSubjectX500Principal.

For this reason, we should add a toggle for this value, something like:

boolean extractPrincipalNameFromX500Principal = false;

This default would change to true in Spring Security 8.
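
An extractor that applies a pattern to the subject's string form returns whatever that form exposes, so the name can change with the `Principal` implementation that produced the string. The following is an added example, not code from the issue or from Spring Security: it renders constructed subjects in each string form `X500Principal` offers and compares the name a CN pattern pulls from each. The class name, the pattern and the sample subjects are assumptions made for illustration.

```java
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.security.auth.x500.X500Principal;

public class SubjectNameFormCheck {

    // Assumption: an illustrative CN-matching pattern, not taken from the issue.
    static final Pattern CN = Pattern.compile("CN=(.*?)(?:,|$)", Pattern.CASE_INSENSITIVE);

    // Returns the first CN value the pattern finds, or null when there is none.
    static String extract(String dn) {
        Matcher m = CN.matcher(dn);
        return m.find() ? m.group(1) : null;
    }

    // Render one subject in each string form X500Principal offers and
    // extract the principal name from each rendering.
    static Map<String, String> namesByForm(X500Principal subject) {
        Map<String, String> out = new LinkedHashMap<>();
        out.put("getName() (RFC2253)", extract(subject.getName()));
        out.put("getName(RFC1779)", extract(subject.getName(X500Principal.RFC1779)));
        out.put("getName(CANONICAL)", extract(subject.getName(X500Principal.CANONICAL)));
        out.put("toString()", extract(subject.toString()));
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample subjects: plain CN, CN with an escaped comma, no CN.
        String[] samples = {
            "CN=Alice, OU=Engineering, O=Example Corp, C=US",
            "CN=Doe\\, Jane, OU=Engineering, O=Example Corp, C=US",
            "OU=Engineering, O=Example Corp, C=US"
        };
        for (String s : samples) {
            Map<String, String> names = namesByForm(new X500Principal(s));
            // One distinct value means the extracted name does not depend on the form.
            boolean stable = new HashSet<>(names.values()).size() == 1;
            System.out.println(s);
            names.forEach((form, name) -> System.out.println("  " + form + " -> " + name));
            System.out.println("  " + (stable ? "same name in every form" : "NAME DEPENDS ON STRING FORM"));
        }
    }
}
```

Running the same comparison against the subjects of certificates an application actually accepts shows which usernames would change before the default is switched.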

    Labels

    in: web (An issue in web modules (web, webmvc))
    status: ideal-for-contribution (An issue that we actively are looking for someone to help us with)
    type: enhancement (A general enhancement)
