Skip to content

SubjectDnX509PrincipalExtractor should update to getSubjectX500Principal #16980

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
jzheaux opened this issue Apr 22, 2025 · 2 comments · May be fixed by #16984
Closed

SubjectDnX509PrincipalExtractor should update to getSubjectX500Principal #16980

jzheaux opened this issue Apr 22, 2025 · 2 comments · May be fixed by #16984
Assignees
@jzheaux @franticticktick
Labels
in: web An issue in web modules (web, webmvc) status: duplicate A duplicate of another issue type: enhancement A general enhancement
Milestone
7.0.x

Comments

@jzheaux
Copy link
Contributor

jzheaux commented Apr 22, 2025

Recent versions of Java state that getSubjectDn should no longer be used:

/**
  * @deprecated Use {@link #getSubjectX500Principal} instead. This method
  * returns the {@code subject} as an implementation specific
  * {@code Principal} object, which should not be relied upon by portable
  * code.
  */

However, since getSubjectDn is abstract, applications may be relying on provider implementations. For example, Bouncycastle returns an org.bouncycastle.jce.X509Principal instance for getSubjectDn and a javax.security.auth.x500.X500Principal for getSubjectX500Principal.

For this reason, we should add a toggle for this value, something like:

boolean extractPrincipalNameFromX500Principal = false;

This default would change to true in Spring Security 8.
@jzheaux jzheaux added status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement labels Apr 22, 2025
@jzheaux jzheaux added this to the 7.0.x milestone Apr 22, 2025
@jzheaux jzheaux added status: ideal-for-contribution An issue that we actively are looking for someone to help us with in: web An issue in web modules (web, webmvc) and removed status: waiting-for-triage An issue we've not yet triaged labels Apr 22, 2025
@franticticktick
Copy link
Contributor

Hi @jzheaux , could you assign this ticket to me please?

franticticktick added a commit to franticticktick/spring-security that referenced this issue Apr 23, 2025
@franticticktick
Add Support Extracting DN From X500Principal
540cc35 
Closes spring-projectsgh-16980

Signed-off-by: Max Batischev <[email protected]>
@franticticktick franticticktick mentioned this issue Apr 23, 2025
Open
@jzheaux jzheaux removed the status: ideal-for-contribution An issue that we actively are looking for someone to help us with label Apr 28, 2025
@jzheaux
Copy link
Contributor Author

jzheaux commented May 1, 2025

Closed in favor of #16984

@jzheaux jzheaux closed this as completed May 1, 2025
@jzheaux jzheaux added the status: duplicate A duplicate of another issue label May 1, 2025
franticticktick added a commit to franticticktick/spring-security that referenced this issue May 16, 2025
@franticticktick
Add Support SubjectX500PrincipalExtractor
182e275 
Closes spring-projectsgh-16980

Signed-off-by: Max Batischev <[email protected]>
franticticktick added a commit to franticticktick/spring-security that referenced this issue May 16, 2025
@franticticktick
Add Support SubjectX500PrincipalExtractor
967fc0e 
Closes spring-projectsgh-16980

Signed-off-by: Max Batischev <[email protected]>
franticticktick added a commit to franticticktick/spring-security that referenced this issue May 16, 2025
@franticticktick
Add Support SubjectX500PrincipalExtractor
430b673 
Closes spring-projectsgh-16980

Signed-off-by: Max Batischev <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

@franticticktick franticticktick

Labels
in: web An issue in web modules (web, webmvc) status: duplicate A duplicate of another issue type: enhancement A general enhancement
Projects
None yet
Milestone
7.0.x
Development

Successfully merging a pull request may close this issue.

Add Support Extracting DN From X500Principal franticticktick/spring-security
2 participants
@jzheaux @franticticktick