Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1325: Tighten up Authentication interface contract to disallow null authorities #1570

spring-issuemaster opened this Issue Dec 13, 2009 · 0 comments


None yet
1 participant

Luke Taylor (Migrated from SEC-1325) said:

This is pretty much assumed anyway by most of the internal code which processes the Authentication object. Previously it was assumed that null should mean that the token hadn't been authenticated. It should be made clear that getAuthorities never returns null. Since we are now using a Collection internal and in the API, it is easy to always return the same instance, so there is no concern about using resources unnecessarily. It also simplifies internal and external logic as the null case doesn't have to be dealt with separately.

@spring-issuemaster spring-issuemaster added this to the 3.0.0 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment