
HttpServlet3RequestFactory should set 'details' when creating the authentication token. #9579

Closed
@karltinawi


Expected Behavior

When triggering authentication by calling the login method on a HttpServlet3RequestFactory (i.e. after account activation) I'd expect the details to be set on the generated UsernamePasswordAuthenticationToken.

Not sure how best to customise the authentication details source at this level, but one option could be to use the WebAuthenticationDetailsSource by default as is the case when authenticating via an authentication filter (e.g. UsernamePasswordAuthenticationFilter).

Current Behavior

Currently the login mechanism when triggered by executing HttpServlet3RequestFactory#login does not set any details on the underlying authentication token that is authenticated.

For my use-case for example, I listen for an AuthenticationSuccessEvent, which is fired upon successful login. I create a respective entry in the database to track the login request using the Authentication token along with the remote address that I obtain from the associated WebAuthenticationDetails. However, the above approach does not expose such details to the token.

Context

My workaround currently is to explicitly reference the Spring Security Authentication Manager in the service layer (for example) and manually create the authentication token with the required details (i.e. to replicate somewhat what is happening in the HttpServlet3RequestFactory class).

However, I like the approach of abstracting away from Spring Security where possible and letting the incoming request handle/trigger the authentication, as I guess is the intention.
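A sketch of the workaround described above, paired with a success-event listener that reads the remote address from the token's details. This is an added example, not code from the issue or from Spring Security; `ProgrammaticLoginService`, `LoginAuditListener` and `record` are hypothetical names, and `javax.servlet` (Spring Security 5.x) is assumed.

```java
import javax.servlet.http.HttpServletRequest; // assumption: 5.x; jakarta.servlet.http on Spring Security 6+
import org.springframework.context.event.EventListener;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;

// Hypothetical service: performs the login itself so the token carries request details.
class ProgrammaticLoginService {
    private final AuthenticationManager authenticationManager;
    private final WebAuthenticationDetailsSource detailsSource = new WebAuthenticationDetailsSource();

    ProgrammaticLoginService(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    Authentication login(HttpServletRequest request, String username, String password) {
        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password);
        // Same kind of details object the authentication filters attach: remote address and session id.
        token.setDetails(detailsSource.buildDetails(request));
        // Throws AuthenticationException on bad credentials, locked account, etc.
        Authentication result = authenticationManager.authenticate(token);
        SecurityContextHolder.getContext().setAuthentication(result);
        return result;
    }
}

// Hypothetical audit listener (register as a bean): must tolerate tokens without web details.
class LoginAuditListener {
    @EventListener
    public void onSuccess(AuthenticationSuccessEvent event) {
        Authentication auth = event.getAuthentication();
        Object details = auth.getDetails();
        // getRemoteAddress() reflects request.getRemoteAddr(): behind a reverse proxy this is the
        // proxy's address unless forwarded headers are resolved before Spring Security runs.
        String remoteAddress = (details instanceof WebAuthenticationDetails)
                ? ((WebAuthenticationDetails) details).getRemoteAddress()
                : "unknown"; // the case reported here: login() left details unset
        record(auth.getName(), remoteAddress);
    }

    // Placeholder for the database write described in the issue.
    void record(String username, String remoteAddress) {
        System.out.printf("login user=%s remote=%s%n", username, remoteAddress);
    }
}
```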

Labels: in: web (An issue in web modules (web, webmvc)); type: enhancement (A general enhancement)
