Recent versions of Java state that getSubjectDn should no longer be used:

/**
  * @deprecated Use {@link #getSubjectX500Principal} instead. This method
  * returns the {@code subject} as an implementation specific
  * {@code Principal} object, which should not be relied upon by portable
  * code.
  */

However, since getSubjectDn is abstract, applications may be relying on provider implementations. For example, Bouncycastle returns an org.bouncycastle.jce.X509Principal instance for getSubjectDn and a javax.security.auth.x500.X500Principal for getSubjectX500Principal.

For this reason, we should add a toggle for this value, something like:

boolean extractPrincipalNameFromX500Principal = false;

This default would change to true in Spring Security 8.