SEC-1570: GrantedAuthoritiesContainerImpl should take a Collection of GrantedAuthorities. #1812

Closed
spring-issuemaster opened this Issue Sep 12, 2010 · 5 comments

1 participant

@spring-issuemaster

David J. M. Karlsen (Migrated from SEC-1570) said:

the signature today is public void setGrantedAuthorities(List newAuthorities)
IMHO public void setGrantedAuthorities(Collection newAuthorities)
would be better.

If having to choose a specific type it would probably be a Set as the authorities should be a distinct set of grants.

@spring-issuemaster

Luke Taylor said:

GrantedAuthoritiesContainerImpl is an artifact of the pre-authentication code and is deprecated in 3.1 M1, so I don't really see any need for this going forward.

@spring-issuemaster

David J. M. Karlsen said:

I see - I'm in a preauth setting and only need spring sec for authorizations (method level) based on my apps authz. knowledge of the preauthenticated user.
Any info on how I do this in 3.1?

@spring-issuemaster

David J. M. Karlsen said:

Aha! Found the solution to my problem.
Basically I'll follow this: http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#d0e1922 (and i couldn't do that in a Filter - as the resolution is done early in my servlet request processing - after any Filters have been applied).

So is it right to understand that the artifacts described in http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#preauth will disappear but this hasn't reached the reference guide yet?

@spring-issuemaster

Luke Taylor said:

Good point. The section on AbstractPreAuthenticatedAuthenticationDetailsSource needs to be rewritten, since this has been deleted. The basic approach should still be the same, it's just that the class structure has been pruned a bit.

@spring-issuemaster

Luke Taylor said:

I updated the docs retrospectively as part of the work for SEC-1538.

@spring-issuemaster spring-issuemaster added this to the 3.1.0.M2 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment