Home Explore Help
Register Sign In
github
/
spring-security
mirror of https://github.com/spring-projects/spring-security
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Use principalExtractor reference instead of properties

Rob Winch 2 months ago
parent
2b740b7f1f
commit
88ed4a5ccf
8 changed files with 85 additions and 107 deletions
Unified View Show Diff Stats
  1. 2 25
      config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java
  2. 1 15
      config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
  3. 1 0
      config/src/main/kotlin/org/springframework/security/config/annotation/web/X509Dsl.kt
  4. 0 3
      config/src/main/resources/org/springframework/security/config/spring-security-7.0.rnc
  5. 0 6
      config/src/main/resources/org/springframework/security/config/spring-security-7.0.xsd
  6. 81 38
      config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java
  7. 0 17
      config/src/test/resources/max.cer
  8. 0 3
      docs/modules/ROOT/pages/servlet/appendix/namespace/http.adoc

+ 2 - 25
config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java
View File 

@@ -33,7 +33,6 @@ import org.springframework.security.web.authentication.preauth.PreAuthenticatedA
 
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
 
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
 
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails;
 
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails;
 
 import org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor;
 
 import org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor;
 
-import org.springframework.security.web.authentication.preauth.x509.SubjectX500PrincipalExtractor;
 
 import org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter;
 
 import org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter;
 
 import org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor;
 
 import org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor;
 
 import org.springframework.security.web.context.RequestAttributeSecurityContextRepository;
 
 import org.springframework.security.web.context.RequestAttributeSecurityContextRepository;
 
@@ -75,7 +74,6 @@ import org.springframework.security.web.context.RequestAttributeSecurityContextR
 
  *
 
  *
 
  * @author Rob Winch
 
  * @author Rob Winch
 
  * @author Ngoc Nhan
 
  * @author Ngoc Nhan
 
- * @author Max Batischev
 
  * @since 3.2
 
  * @since 3.2
 
  */
 
  */
 
 public final class X509Configurer<H extends HttpSecurityBuilder<H>>
 
 public final class X509Configurer<H extends HttpSecurityBuilder<H>>
 
@@ -163,38 +161,17 @@ public final class X509Configurer<H extends HttpSecurityBuilder<H>>
 
 	 * @param subjectPrincipalRegex the regex to extract the user principal from the
 
 	 * @param subjectPrincipalRegex the regex to extract the user principal from the
 
 	 * certificate (i.e. "CN=(.*?)(?:,|$)").
 
 	 * certificate (i.e. "CN=(.*?)(?:,|$)").
 
 	 * @return the {@link X509Configurer} for further customizations
 
 	 * @return the {@link X509Configurer} for further customizations
 
-	 * @deprecated Please use {{@link #extractPrincipalNameFromEmail(boolean)}} instead
 
+	 * @deprecated Please use {{@link #x509PrincipalExtractor(X509PrincipalExtractor)}
 
+	 * instead
 
 	 */
 
 	 */
 
 	@Deprecated
 
 	@Deprecated
 
 	public X509Configurer<H> subjectPrincipalRegex(String subjectPrincipalRegex) {
 
 	public X509Configurer<H> subjectPrincipalRegex(String subjectPrincipalRegex) {
 
-		if (this.x509PrincipalExtractor instanceof SubjectX500PrincipalExtractor) {
 
-			throw new IllegalStateException(
 
-					"Cannot use subjectPrincipalRegex and extractPrincipalNameFromEmail together. "
 
-							+ "Please use one or the other.");
 
-		}
 
 		SubjectDnX509PrincipalExtractor principalExtractor = new SubjectDnX509PrincipalExtractor();
 
 		SubjectDnX509PrincipalExtractor principalExtractor = new SubjectDnX509PrincipalExtractor();
 
 		principalExtractor.setSubjectDnRegex(subjectPrincipalRegex);
 
 		principalExtractor.setSubjectDnRegex(subjectPrincipalRegex);
 
 		this.x509PrincipalExtractor = principalExtractor;
 
 		this.x509PrincipalExtractor = principalExtractor;
 
 		return this;
 
 		return this;
 
 	}
 
 	}
 
 
 
-	/**
 
-	 * If true then DN will be extracted from EMAIlADDRESS, defaults to {@code false}
 
-	 * @param extractPrincipalNameFromEmail whether to extract DN from EMAIlADDRESS
 
-	 * @since 7.0
 
-	 */
 
-	public X509Configurer<H> extractPrincipalNameFromEmail(boolean extractPrincipalNameFromEmail) {
 
-		if (this.x509PrincipalExtractor instanceof SubjectDnX509PrincipalExtractor) {
 
-			throw new IllegalStateException(
 
-					"Cannot use subjectPrincipalRegex and extractPrincipalNameFromEmail together. "
 
-							+ "Please use one or the other.");
 
-		}
 
-		SubjectX500PrincipalExtractor extractor = new SubjectX500PrincipalExtractor();
 
-		extractor.setExtractPrincipalNameFromEmail(extractPrincipalNameFromEmail);
 
-		this.x509PrincipalExtractor = extractor;
 
-		return this;
 
-	}
 
-
 
 	@Override
 
 	@Override
 
 	public void init(H http) {
 
 	public void init(H http) {
 
 		PreAuthenticatedAuthenticationProvider authenticationProvider = new PreAuthenticatedAuthenticationProvider();
 
 		PreAuthenticatedAuthenticationProvider authenticationProvider = new PreAuthenticatedAuthenticationProvider();

+ 1 - 15
config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
View File 

@@ -1,5 +1,5 @@
 
 /*
 
 /*
 
- * Copyright 2002-2025 the original author or authors.
 
+ * Copyright 2002-2023 the original author or authors.
 
  *
 
  *
 
  * Licensed under the Apache License, Version 2.0 (the "License");
 
  * Licensed under the Apache License, Version 2.0 (the "License");
 
  * you may not use this file except in compliance with the License.
 
  * you may not use this file except in compliance with the License.
 
@@ -57,7 +57,6 @@ import org.springframework.security.web.authentication.preauth.PreAuthenticatedG
 
 import org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource;
 
 import org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource;
 
 import org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter;
 
 import org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter;
 
 import org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor;
 
 import org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor;
 
-import org.springframework.security.web.authentication.preauth.x509.SubjectX500PrincipalExtractor;
 
 import org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter;
 
 import org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter;
 
 import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
 
 import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
 
 import org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter;
 
 import org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter;
 
@@ -523,25 +522,12 @@ final class AuthenticationConfigBuilder {
 
 			filterBuilder.addPropertyValue("securityContextHolderStrategy",
 
 			filterBuilder.addPropertyValue("securityContextHolderStrategy",
 
 					authenticationFilterSecurityContextHolderStrategyRef);
 
 					authenticationFilterSecurityContextHolderStrategyRef);
 
 			String regex = x509Elt.getAttribute("subject-principal-regex");
 
 			String regex = x509Elt.getAttribute("subject-principal-regex");
 
-			String extractPrincipalNameFromEmail = x509Elt.getAttribute("extract-principal-name-from-email");
 
-			if (StringUtils.hasText(regex) && StringUtils.hasText(extractPrincipalNameFromEmail)) {
 
-				throw new IllegalStateException(
 
-						"Cannot use subjectPrincipalRegex and extractPrincipalNameFromEmail together. "
 
-								+ "Please use one or the other.");
 
-			}
 
 			if (StringUtils.hasText(regex)) {
 
 			if (StringUtils.hasText(regex)) {
 
 				BeanDefinitionBuilder extractor = BeanDefinitionBuilder
 
 				BeanDefinitionBuilder extractor = BeanDefinitionBuilder
 
 					.rootBeanDefinition(SubjectDnX509PrincipalExtractor.class);
 
 					.rootBeanDefinition(SubjectDnX509PrincipalExtractor.class);
 
 				extractor.addPropertyValue("subjectDnRegex", regex);
 
 				extractor.addPropertyValue("subjectDnRegex", regex);
 
 				filterBuilder.addPropertyValue("principalExtractor", extractor.getBeanDefinition());
 
 				filterBuilder.addPropertyValue("principalExtractor", extractor.getBeanDefinition());
 
 			}
 
 			}
 
-			if (StringUtils.hasText(extractPrincipalNameFromEmail)) {
 
-				BeanDefinitionBuilder extractor = BeanDefinitionBuilder
 
-					.rootBeanDefinition(SubjectX500PrincipalExtractor.class);
 
-				extractor.addPropertyValue("extractPrincipalNameFromEmail",
 
-						Boolean.parseBoolean(extractPrincipalNameFromEmail));
 
-				filterBuilder.addPropertyValue("principalExtractor", extractor.getBeanDefinition());
 
-			}
 
 			injectAuthenticationDetailsSource(x509Elt, filterBuilder);
 
 			injectAuthenticationDetailsSource(x509Elt, filterBuilder);
 
 			filter = (RootBeanDefinition) filterBuilder.getBeanDefinition();
 
 			filter = (RootBeanDefinition) filterBuilder.getBeanDefinition();
 
 			createPrauthEntryPoint(x509Elt);
 
 			createPrauthEntryPoint(x509Elt);

+ 1 - 0
config/src/main/kotlin/org/springframework/security/config/annotation/web/X509Dsl.kt
View File 

@@ -51,6 +51,7 @@ class X509Dsl {
 
     var authenticationDetailsSource: AuthenticationDetailsSource<HttpServletRequest, PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails>? = null
 
     var authenticationDetailsSource: AuthenticationDetailsSource<HttpServletRequest, PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails>? = null
 
     var userDetailsService: UserDetailsService? = null
 
     var userDetailsService: UserDetailsService? = null
 
     var authenticationUserDetailsService: AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken>? = null
 
     var authenticationUserDetailsService: AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken>? = null
 
+    @Deprecated("Use x509PrincipalExtractor instead")
 
     var subjectPrincipalRegex: String? = null
 
     var subjectPrincipalRegex: String? = null

+ 0 - 3
config/src/main/resources/org/springframework/security/config/spring-security-7.0.rnc
View File 

@@ -1053,9 +1053,6 @@ x509.attlist &=
 
 x509.attlist &=
 
 x509.attlist &=
 
 	## Reference to an AuthenticationDetailsSource which will be used by the authentication filter
 
 	## Reference to an AuthenticationDetailsSource which will be used by the authentication filter
 
 	attribute authentication-details-source-ref {xsd:token}?
 
 	attribute authentication-details-source-ref {xsd:token}?
 
-x509.attlist &=
 
-	## If true then DN will be extracted from EMAIlADDRESS
 
-	attribute extract-principal-name-from-email {xsd:token}?
 
 
 
 jee =
 
 jee =
 
 	## Adds a J2eePreAuthenticatedProcessingFilter to the filter chain to provide integration with container authentication.
 
 	## Adds a J2eePreAuthenticatedProcessingFilter to the filter chain to provide integration with container authentication.

+ 0 - 6
config/src/main/resources/org/springframework/security/config/spring-security-7.0.xsd
View File 

@@ -2917,12 +2917,6 @@
 
                 </xs:documentation>
 
                 </xs:documentation>
 
          </xs:annotation>
 
          </xs:annotation>
 
       </xs:attribute>
 
       </xs:attribute>
 
-      <xs:attribute name="extract-principal-name-from-email" type="xs:token">
 
-         <xs:annotation>
 
-            <xs:documentation>If true then DN will be extracted from EMAIlADDRESS
 
-                </xs:documentation>
 
-         </xs:annotation>
 
-      </xs:attribute>
 
   </xs:attributeGroup>
 
   </xs:attributeGroup>
 
   <xs:element name="jee">
 
   <xs:element name="jee">
 
       <xs:annotation>
 
       <xs:annotation>

+ 81 - 38
config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java
View File 

@@ -1,5 +1,5 @@
 
 /*
 
 /*
 
- * Copyright 2002-2025 the original author or authors.
 
+ * Copyright 2002-2023 the original author or authors.
 
  *
 
  *
 
  * Licensed under the Apache License, Version 2.0 (the "License");
 
  * Licensed under the Apache License, Version 2.0 (the "License");
 
  * you may not use this file except in compliance with the License.
 
  * you may not use this file except in compliance with the License.
 
@@ -43,7 +43,9 @@ import org.springframework.security.core.userdetails.UserDetailsService;
 
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 
 import org.springframework.security.web.SecurityFilterChain;
 
 import org.springframework.security.web.SecurityFilterChain;
 
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
 
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
 
+import org.springframework.security.web.authentication.preauth.x509.SubjectX500PrincipalExtractor;
 
 import org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter;
 
 import org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter;
 
+import org.springframework.security.web.authentication.preauth.x509.X509TestUtils;
 
 import org.springframework.test.web.servlet.MockMvc;
 
 import org.springframework.test.web.servlet.MockMvc;
 
 
 
 import static org.assertj.core.api.Assertions.assertThat;
 
 import static org.assertj.core.api.Assertions.assertThat;
 
@@ -123,16 +125,6 @@ public class X509ConfigurerTests {
 
 		// @formatter:on
 
 		// @formatter:on
 
 	}
 
 	}
 
 
 
-	@Test
 
-	public void x509WhenExtractPrincipalNameFromEmailIsTrueThenUsesEmailAddressToExtractPrincipal() throws Exception {
 
-		this.spring.register(EmailPrincipalConfig.class).autowire();
 
-		X509Certificate certificate = loadCert("max.cer");
 
-		// @formatter:off
 
-		this.mvc.perform(get("/").with(x509(certificate)))
 
-				.andExpect(authenticated().withUsername("maxbatischev@gmail.com"));
 
-		// @formatter:on
 
-	}
 
-
 
 	@Test
 
 	@Test
 
 	public void x509WhenUserDetailsServiceNotConfiguredThenUsesBean() throws Exception {
 
 	public void x509WhenUserDetailsServiceNotConfiguredThenUsesBean() throws Exception {
 
 		this.spring.register(UserDetailsServiceBeanConfig.class).autowire();
 
 		this.spring.register(UserDetailsServiceBeanConfig.class).autowire();
 
@@ -165,6 +157,28 @@ public class X509ConfigurerTests {
 
 		// @formatter:on
 
 		// @formatter:on
 
 	}
 
 	}
 
 
 
+	@Test
 
+	public void x509WhenSubjectX500PrincipalExtractor() throws Exception {
 
+		this.spring.register(SubjectX500PrincipalExtractorConfig.class).autowire();
 
+		X509Certificate certificate = loadCert("rod.cer");
 
+		// @formatter:off
 
+		this.mvc.perform(get("/").with(x509(certificate)))
 
+				.andExpect((result) -> assertThat(result.getRequest().getSession(false)).isNull())
 
+				.andExpect(authenticated().withUsername("rod"));
 
+		// @formatter:on
 
+	}
 
+
 
+	@Test
 
+	public void x509WhenSubjectX500PrincipalExtractorBean() throws Exception {
 
+		this.spring.register(SubjectX500PrincipalExtractorEmailConfig.class).autowire();
 
+		X509Certificate certificate = X509TestUtils.buildTestCertificate();
 
+		// @formatter:off
 
+		this.mvc.perform(get("/").with(x509(certificate)))
 
+				.andExpect((result) -> assertThat(result.getRequest().getSession(false)).isNull())
 
+				.andExpect(authenticated().withUsername("luke@monkeymachine"));
 
+		// @formatter:on
 
+	}
 
+
 
 	private <T extends Certificate> T loadCert(String location) {
 
 	private <T extends Certificate> T loadCert(String location) {
 
 		try (InputStream is = new ClassPathResource(location).getInputStream()) {
 
 		try (InputStream is = new ClassPathResource(location).getInputStream()) {
 
 			CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
 
 			CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
 
@@ -287,33 +301,6 @@ public class X509ConfigurerTests {
 
 
 
 	}
 
 	}
 
 
 
-	@Configuration
 
-	@EnableWebSecurity
 
-	static class EmailPrincipalConfig {
 
-
 
-		@Bean
 
-		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 
-			// @formatter:off
 
-			http
 
-					.x509((x509) ->
 
-							x509.extractPrincipalNameFromEmail(true)
 
-					);
 
-			// @formatter:on
 
-			return http.build();
 
-		}
 
-
 
-		@Bean
 
-		UserDetailsService userDetailsService() {
 
-			UserDetails user = User.withDefaultPasswordEncoder()
 
-				.username("maxbatischev@gmail.com")
 
-				.password("password")
 
-				.roles("USER", "ADMIN")
 
-				.build();
 
-			return new InMemoryUserDetailsManager(user);
 
-		}
 
-
 
-	}
 
-
 
 	@Configuration
 
 	@Configuration
 
 	@EnableWebSecurity
 
 	@EnableWebSecurity
 
 	static class UserDetailsServiceBeanConfig {
 
 	static class UserDetailsServiceBeanConfig {
 
@@ -397,4 +384,60 @@ public class X509ConfigurerTests {
 
 
 
 	}
 
 	}
 
 
 
+	@Configuration
 
+	@EnableWebSecurity
 
+	static class SubjectX500PrincipalExtractorConfig {
 
+
 
+		@Bean
 
+		SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 
+			// @formatter:off
 
+			http
 
+					.x509((x509) -> x509
 
+							.x509PrincipalExtractor(new SubjectX500PrincipalExtractor())
 
+					);
 
+			// @formatter:on
 
+			return http.build();
 
+		}
 
+
 
+		@Bean
 
+		UserDetailsService userDetailsService() {
 
+			UserDetails user = User.withDefaultPasswordEncoder()
 
+				.username("rod")
 
+				.password("password")
 
+				.roles("USER", "ADMIN")
 
+				.build();
 
+			return new InMemoryUserDetailsManager(user);
 
+		}
 
+
 
+	}
 
+
 
+	@Configuration
 
+	@EnableWebSecurity
 
+	static class SubjectX500PrincipalExtractorEmailConfig {
 
+
 
+		@Bean
 
+		SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 
+			SubjectX500PrincipalExtractor principalExtractor = new SubjectX500PrincipalExtractor();
 
+			principalExtractor.setExtractPrincipalNameFromEmail(true);
 
+			// @formatter:off
 
+			http
 
+				.x509((x509) -> x509
 
+					.x509PrincipalExtractor(principalExtractor)
 
+				);
 
+			// @formatter:on
 
+			return http.build();
 
+		}
 
+
 
+		@Bean
 
+		UserDetailsService userDetailsService() {
 
+			UserDetails user = User.withDefaultPasswordEncoder()
 
+				.username("luke@monkeymachine")
 
+				.password("password")
 
+				.roles("USER", "ADMIN")
 
+				.build();
 
+			return new InMemoryUserDetailsManager(user);
 
+		}
 
+
 
+	}
 
+
 
 }
 
 }

+ 0 - 17
config/src/test/resources/max.cer
View File 

@@ -1,17 +0,0 @@
 
------BEGIN CERTIFICATE-----
 
-MIICojCCAgugAwIBAgIBADANBgkqhkiG9w0BAQ0FADBuMQswCQYDVQQGEwJydTEP
 
-MA0GA1UECAwGTW9zY293MQ8wDQYDVQQKDAZTcHJpbmcxFjAUBgNVBAMMDU1heCBC
 
-YXRpc2NoZXYxJTAjBgkqhkiG9w0BCQEWFm1heGJhdGlzY2hldkBnbWFpbC5jb20w
 
-HhcNMjUwNTE0MTcyODM5WhcNMjYwNTE0MTcyODM5WjBuMQswCQYDVQQGEwJydTEP
 
-MA0GA1UECAwGTW9zY293MQ8wDQYDVQQKDAZTcHJpbmcxFjAUBgNVBAMMDU1heCBC
 
-YXRpc2NoZXYxJTAjBgkqhkiG9w0BCQEWFm1heGJhdGlzY2hldkBnbWFpbC5jb20w
 
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALVZ2K/iOINeHZ4XAV3QmNRgS+iB
 
-Vw0fW07uzYkCoSZU1lOBQE0k8+fdM2+X9AsgwfRCE3tUZquPApEKynB5V9Seh+bR
 
-vc9aj7PunMyN+zjRU6X7/BL3VqLfrJLSc15bQaSN1phJ6NT+BTXPTuiPbXldnJLC
 
-wVo6PView83yZ335AgMBAAGjUDBOMB0GA1UdDgQWBBQhyQfxL2ZYotcS8AmMJtli
 
-2IRAMTAfBgNVHSMEGDAWgBQhyQfxL2ZYotcS8AmMJtli2IRAMTAMBgNVHRMEBTAD
 
-AQH/MA0GCSqGSIb3DQEBDQUAA4GBAIIIJxpsTPtUEnePAqqgVFWDKC2CExhtCBYL
 
-MjLSC+7E9OlfuuX1joAsD4Yv86k4Ox836D0KQtINtg3y6D8O+HSylhVg1xtOiK7l
 
-ElXVRepB8GcX3vf9F58v9s++cSDvXf8vJu/O7nI4fv9C5SfUtMY4JPh/3MTsyl8O
 
-tgxTKjvO
 
------END CERTIFICATE-----

+ 0 - 3
docs/modules/ROOT/pages/servlet/appendix/namespace/http.adoc
View File 

@@ -2229,9 +2229,6 @@ Defines a regular expression which will be used to extract the username from the
 
 Allows a specific `UserDetailsService` to be used with X.509 in the case where multiple instances are configured.
 
 Allows a specific `UserDetailsService` to be used with X.509 in the case where multiple instances are configured.
 
 If not set, an attempt will be made to locate a suitable instance automatically and use that.
 
 If not set, an attempt will be made to locate a suitable instance automatically and use that.
 
 
 
-[[nsa-x509-extract-principal-name-from-email]]
 
-* **extract-principal-name-from-email**
 
-If true then DN will be extracted from EMAIlADDRESS.
 
 
 
 [[nsa-filter-chain-map]]
 
 [[nsa-filter-chain-map]]
 
 == <filter-chain-map>
 
 == <filter-chain-map>