SES-92: Wrap the execution of the UserDetailsService in a PrivilegedAction so that it can reuse the Kerberos authentication.

[spring-projects-issues]

Tim Kettler (Migrated from SES-92) said:

To fetch roles from AD a UserdetailsService needs to log in to the AD Ldap-Server. Currently, when using one of the Kerberos authenticators one needs to specify credentials in two locations. It would be great when a UserDetailsService implementation could reuse the authentication of the KerberosAuthenticator.

The code implementing this is available here: http://git.springsource.org/~tik/spring-security/tiks-se-security

Currently the unit tests and samples in the repository are broken. If there is interest to integrate this in the kerberos extension I can invest some more time and fix this.