Spring Security / SEC-1547

Programmatic authorization : AuthorityUtils has been removed in Spring Security 3

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Won't Fix
    • Affects Version/s: None
    • Fix Version/s: 3.1.0.M2
    • Component/s: None
    • Labels: None

      Description

      Having to iterate over the array of authorities to determine if a user has a role is inconvenient. A simple

      AuthorityUtils.userHasAuthority(String authority)

      would be useful.

      See https://jira.springframework.org/browse/SEC-545 for JIRA asking for this kind of utility.

          Activity

          luke Luke Taylor added a comment -

          Static methods don't allow any flexibility or optimization in how the security context is accessed. This is the reason why SEC-1516 has been introduced and this kind of functionality would be part of that interface. That way a hasAuthority() method can be optimized to take advantage of situations where the authorities are a particular type of collection - an EnumSet, for example.

          luke Luke Taylor added a comment -

          Closing, for the reason described. Classes which want to check authorities or other security context-related functions will have a "context-accessor" injected (or can use a particular instance internally if they don't want to use dependency injection). Static utility methods like those in AuthorityUtils should be regarded as internal to the framework.

          gonzalad adrian added a comment -

          Oops, sorry, I didn't find SEC-1516 before. Thanks for the link!
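
Added example, not part of the issue thread and not Spring Security's own code: the design described in the comments above, where a caller receives an injected accessor instead of calling a static utility, and a `hasAuthority()` implementation can exploit an `EnumSet`. The names `SecurityContextAccessor`, `HolderBackedAccessor`, `EnumSetAccessor`, `Role` and `ReportService` are hypothetical; the page does not show the interface SEC-1516 defines.

```java
import java.util.EnumSet;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

// Hypothetical interface; the page does not show what SEC-1516 defines.
interface SecurityContextAccessor { boolean hasAuthority(String authority); }
// General strategy: scan whatever collection the current Authentication exposes.
class HolderBackedAccessor implements SecurityContextAccessor {
    public boolean hasAuthority(String authority) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (authority == null || auth == null || !auth.isAuthenticated()) return false; // fail closed
        for (GrantedAuthority granted : auth.getAuthorities()) {
            if (authority.equals(granted.getAuthority())) return true;
        }
        return false;
    }
}

// Hypothetical application roles that double as authorities.
enum Role implements GrantedAuthority {
    ROLE_USER, ROLE_ADMIN;
    public String getAuthority() { return name(); }
}

// Optimized strategy: the authorities are known to be an EnumSet, so no iteration.
class EnumSetAccessor implements SecurityContextAccessor {
    private final EnumSet<Role> granted; // constructed by the caller for this example
    EnumSetAccessor(EnumSet<Role> granted) { this.granted = granted.clone(); }
    public boolean hasAuthority(String authority) {
        if (authority == null) return false;
        try {
            return granted.contains(Role.valueOf(authority));
        } catch (IllegalArgumentException unknownRole) {
            return false; // names outside the enum are never granted
        }
    }
}

// The caller depends only on the interface, so either strategy can be injected.
class ReportService {
    private final SecurityContextAccessor security;
    ReportService(SecurityContextAccessor security) { this.security = security; }
    String export() {
        if (!security.hasAuthority("ROLE_ADMIN")) throw new AccessDeniedException("ROLE_ADMIN required");
        return "report";
    }
}
```

In a unit test, `ReportService` can be given an `EnumSetAccessor` built with `EnumSet.of(Role.ROLE_USER)` to exercise the denial path without populating `SecurityContextHolder`.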


            People

            • Assignee: luke Luke Taylor
            • Reporter: gonzalad adrian
            • Votes: 0
            • Watchers: 2
