Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1547: Programmatic authorization : AuthorityUtils has been removed in Spring Security 3 #1790

spring-issuemaster opened this Issue Aug 23, 2010 · 3 comments


None yet
1 participant

adrian (Migrated from SEC-1547) said:

Having to iterate over the array of authorities to determine if a user has a role is inconvenient. A simple

AuthorityUtils.userHasAuthority(String authority)

would be useful.

See https://jira.springframework.org/browse/SEC-545 for JIRA asking for this kind of utility.

Luke Taylor said:

Static methods don't allow any flexibility or optimization in how the security context is accessed. This is the reason why SEC-1516 has been introduced and this kind of functionality would be part of that interface. That way a hasAuthority() method can be optimized to take advantage of situations where the authorities are a particular type of collection - an EnumSet, for example.

Luke Taylor said:

Closing, for the reason described. Classes which want to check authorities or other security context-related functions will have a "context-accessor" injected (or can use a particular instance internally if they don't want to use dependency injection). Static utility methods like those in AuthorityUtils should be regarded as internal to the framework.

adrian said:

Oups, sorry I didn't found before SEC-1516. Thanks for the link !

@spring-issuemaster spring-issuemaster added this to the 3.1.0.M2 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment