szerhusenBC/jwt-spring-security-demo

AuthenticationRestController.createAuthenticationToken getting UserDetails twice

pedroviniv opened this issue · 1 comments

Hi. I was implementing my own stateless authentication using JWT so I was reading your code in order to know how people was implementing this kind of authentication using Spring Security module.

When I was looking the AuthenticationRestController code, I noticed that you call authenticate method in order to authenticate user credentials delegating that handling to AuthenticationManager. If I'm not wrong, AuthenticationManager delegates the handling of the credentials to it's AuthenticationProviders, which in your implementation calls JwtUserDetailsService that retrieves user details from the database.
Once the authentication has successfully done, the AuthenticationManager returns the Authentication Object with the UserDetails setted as it's field named "principal".

So my question is: After all the authentication proccess, why call JwtUserDetailsService again to generate the token if the UserDetails could be returned from authenticate method?

Closed, because I published a complete new version.