SEC-1325: Tighten up Authentication interface contract to disallow null authorities #1570

Closed
spring-issuemaster opened this Issue Dec 13, 2009 · 0 comments

1 participant

@spring-issuemaster

Luke Taylor (Migrated from SEC-1325) said:

This is pretty much assumed anyway by most of the internal code which processes the Authentication object. Previously it was assumed that null should mean that the token hadn't been authenticated. It should be made clear that getAuthorities never returns null. Since we are now using a Collection internal and in the API, it is easy to always return the same instance, so there is no concern about using resources unnecessarily. It also simplifies internal and external logic as the null case doesn't have to be dealt with separately.

@spring-issuemaster spring-issuemaster added this to the 3.0.0 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment