From f5bdd757761544a55fffd23655de268e2104a9bd Mon Sep 17 00:00:00 2001
From: dae won <eodnjs01477@gmail.com>
Date: Fri, 31 Jan 2025 23:07:37 +0900
Subject: [PATCH] Lazily compose debug message in
 AbstractUserDetailsAuthenticationProvider Closes gh-16495

Signed-off-by: dae won <eodnjs01477@gmail.com>
---
 .../dao/AbstractUserDetailsAuthenticationProvider.java         | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java
index 5679dbfe499..71199587ce0 100644
--- a/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java
@@ -23,6 +23,7 @@
 import org.springframework.context.MessageSource;
 import org.springframework.context.MessageSourceAware;
 import org.springframework.context.support.MessageSourceAccessor;
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.authentication.AccountExpiredException;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.BadCredentialsException;
@@ -133,7 +134,7 @@ public Authentication authenticate(Authentication authentication) throws Authent
 				user = retrieveUser(username, (UsernamePasswordAuthenticationToken) authentication);
 			}
 			catch (UsernameNotFoundException ex) {
-				this.logger.debug("Failed to find user '" + username + "'");
+				this.logger.debug(LogMessage.format("Failed to find user '%s'", username));
 				if (!this.hideUserNotFoundExceptions) {
 					throw ex;
 				}