Spring Security
  1. Spring Security
  2. SEC-1325

Tighten up Authentication interface contract to disallow null authorities

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.0.0
    • Component/s: Core
    • Labels:
      None

      Description

      This is pretty much assumed anyway by most of the internal code which processes the Authentication object. Previously it was assumed that null should mean that the token hadn't been authenticated. It should be made clear that getAuthorities never returns null. Since we are now using a Collection internal and in the API, it is easy to always return the same instance, so there is no concern about using resources unnecessarily. It also simplifies internal and external logic as the null case doesn't have to be dealt with separately.

        Activity

        There are no comments yet on this issue.

          People

          • Assignee:
            Luke Taylor
            Reporter:
            Luke Taylor
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: