Closed
Description
Hi,
I've noticed that java.security.Principal in controller params are ignored, but not org.springframework.security.core.Authentication, I'll like to request that Authentication params be ignored also.
ex. this currently thinks auth is the request body
@PostMapping public Object doPost( @RequestBody SomeClass req, Authentication auth) {
ex 2. this thinks auth is a query param
@GetMapping public Object doGet(Authentication auth)
I did see the FAQ mentioned I can use @Parameter(hidden = true) to hide it, and that'll be my workaround for now, but since I have many such cases, it'll be nice if it's ignored by default.
Thanks