JBoss container adapter to use getName() instead to toString() (see http://opensource.atlassian.com/projects/spring/browse/SEC-22).

adapters/jboss/src/main/java/org/acegisecurity/adapters/jboss/JbossAcegiLoginModule.java

@@ -239,7 +239,7 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule {
             super.log.debug("user is logged. redirecting to jaas classes");
 
             identity = new PrincipalAcegiUserToken(this.key,
-                    response.getPrincipal().toString(),
+                    response.getName(),
                     response.getCredentials().toString(),
                     response.getAuthorities());
         }

doc/xdocs/changes.xml

@@ -41,6 +41,7 @@
       <action dev="benalex" type="fix">Silently catch NotSerializableException in AbstractProcessingFilter if rootCause is not Serializable</action>
       <action dev="benalex" type="fix">Remove getters and setters from JdbcDaoImpl so IoC container cannot modify MappingSqlQuerys</action>
       <action dev="benalex" type="update">Refactor DAO authentication failure events under a consistent abstract superclass</action>
+      <action dev="benalex" type="fix">JBoss container adapter to use getName() instead to toString() (see http://opensource.atlassian.com/projects/spring/browse/SEC-22)</action>
     </release>
     <release version="0.8.2" date="2005-04-20">
       <action dev="benalex" type="fix">Correct location of AuthenticationSimpleHttpInvokerRequestExecutor in clientContext.xml</action>