adrian (Migrated from SEC-1547) said:
Having to iterate over the array of authorities to determine if a user has a role is inconvenient. A simple
would be useful.
See https://jira.springframework.org/browse/SEC-545 for JIRA asking for this kind of utility.
Luke Taylor said:
Static methods don't allow any flexibility or optimization in how the security context is accessed. This is the reason why SEC-1516 has been introduced and this kind of functionality would be part of that interface. That way a hasAuthority() method can be optimized to take advantage of situations where the authorities are a particular type of collection - an EnumSet, for example.
Closing, for the reason described. Classes which want to check authorities or other security context-related functions will have a "context-accessor" injected (or can use a particular instance internally if they don't want to use dependency injection). Static utility methods like those in AuthorityUtils should be regarded as internal to the framework.
Oups, sorry I didn't found before SEC-1516. Thanks for the link !