SEC-1122: Incorrect description of AuthorityGranter/JaasAuthenticationProvider actions #1374

Closed
spring-issuemaster opened this Issue Mar 17, 2009 · 1 comment

@spring-issuemaster

José Santos (Migrated from SEC-1122) said:

In section 15.2.2. JAAS AuthorityGranter of the Spring Security Reference Documentation 2.0.x:

Where it is:
An AuthorityGranter is responsible for inspecting a JAAS principal and returning a String. The JaasAuthenticationProvider then creates a JaasGrantedAuthority (which implements Spring Security’s GrantedAuthority interface) containing both the AuthorityGranter-returned String and the JAAS principal that the AuthorityGranter was passed.

It should be:
An AuthorityGranter is responsible for inspecting a JAAS principal and returning a set of Strings each one representing the name of a role assigned to the JAAS principal. For each role, the JaasAuthenticationProvider then creates a JaasGrantedAuthority (which implements Spring Security’s GrantedAuthority interface) containing both the AuthorityGranter-returned role name and the JAAS principal that the AuthorityGranter was passed.

@spring-issuemaster

Luke Taylor said:

Thanks for the report. I’ve changed the docs, without the direct reference to “roles”, as the authority strings don’t necessarily have to represent roles.

@spring-issuemaster spring-issuemaster added this to the 3.0.0 M1 milestone Feb 5, 2016
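
The behaviour discussed in this issue, as an added example that is not part of the original thread or of the Spring Security code base: an `AuthorityGranter` that returns a set of authority strings per JAAS principal, and a helper that wraps each string in a `JaasGrantedAuthority` the way the corrected text describes. The class name `DirectoryAuthorityGranter`, the helper `toAuthorities`, and the principal-to-authority mapping are hypothetical; the package names are those of Spring Security 3.0 and later, which is an assumption since the issue was filed against the 2.0.x documentation.

```java
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;

import org.springframework.security.authentication.jaas.AuthorityGranter;
import org.springframework.security.authentication.jaas.JaasGrantedAuthority;
import org.springframework.security.core.GrantedAuthority;

// Hypothetical granter: maps a JAAS principal name to zero or more authority strings.
public class DirectoryAuthorityGranter implements AuthorityGranter {

    // Constructed sample data. The strings are authorities, not necessarily roles.
    private static final Map<String, Set<String>> GRANTS = Map.of(
            "alice", Set.of("ROLE_USER", "ROLE_ADMIN"),
            "batch-svc", Set.of("REPORT_EXPORT"));

    @Override
    public Set<String> grant(Principal principal) {
        // Unknown principals receive no authorities (deny by default).
        return GRANTS.getOrDefault(principal.getName(), Collections.emptySet());
    }

    // Hypothetical helper mirroring the documented provider behaviour:
    // one JaasGrantedAuthority per returned string, each keeping the principal.
    static List<GrantedAuthority> toAuthorities(AuthorityGranter granter, Principal principal) {
        List<GrantedAuthority> result = new ArrayList<>();
        Set<String> names = granter.grant(principal);
        if (names != null) {
            for (String name : names) {
                result.add(new JaasGrantedAuthority(name, principal));
            }
        }
        return result;
    }

    public static void main(String[] args) {
        AuthorityGranter granter = new DirectoryAuthorityGranter();
        for (String name : List.of("alice", "batch-svc", "mallory")) {
            Principal principal = () -> name; // Principal has a single abstract method, getName()
            List<GrantedAuthority> authorities = toAuthorities(granter, principal);
            System.out.println(name + " -> " + authorities.size() + " authorities");
            authorities.forEach(a -> System.out.println("  " + a.getAuthority()));
        }
    }
}
```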