Hi,

Is just a suggestion: details in UsernamePasswordAuthenticationToken can be Object, just more general. I think is more useful this way.

Catalin

One more thing, in DaoAuthenticationProvider when createSuccessAuthentication details should be passed to, if UsernamePasswordAuthenticationToken is used.

Is there any other way to send u this sugestions( of course if this suggestions interest acegi), i don't know if this forum is for that.

Catalin

Development changes should probably go to the acegisecurity-developers list, but the forum is also no problem. Just don't send them to me off-list, as I like suggestions receiving visibility so there is some historical record of why they were made.

I have made the changes to UsernamePasswordAuthenticationToken and DaoAuthenticationProvider so they are no longer reliant on a String being presented. Of course, the main reason the Authentication.getDetails() method exists is to assist event listeners log useful information. So most of the time getDetails().toString() will be used, unless someone writes a custom listener to handle the particular type of Object they expect from the Authentication.

Exactly, but i tried to use detail to put a small List of object I need an Authenticated to have with him, so I thought: why "reinvent the wheel, so long as the wheel is perfectly round" (Rod Johnson )http://www.theserverside.com/talks/videos/RodJohnson2004/dsl/interview.html btw great interview.
I,ve tried to use the impl acegi had for Authentication, first i've into the problem that details was String, than the problem that createSuccessAuthentication( ... ) in DaoAuthenticationProvider didn't pass the detail so I had to write my own impl.

All good!
Catalin