David J. M. Karlsen (Migrated from SEC-1570) said:
The signature today is public void setGrantedAuthorities(List newAuthorities).
IMHO public void setGrantedAuthorities(Collection newAuthorities)
would be better.
If having to choose a specific type it would probably be a Set as the authorities should be a distinct set of grants.
Luke Taylor said:
GrantedAuthoritiesContainerImpl is an artifact of the pre-authentication code and is deprecated in 3.1 M1, so I don't really see any need for this going forward.
David J. M. Karlsen said:
I see - I'm in a preauth setting and only need spring sec for authorizations (method level) based on my app's authz. knowledge of the preauthenticated user.
Any info on how I do this in 3.1?
Aha! Found the solution to my problem.
Basically I'll follow this: http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#d0e1922 (and I couldn't do that in a Filter - as the resolution is done early in my servlet request processing - after any Filters have been applied).
So is it right to understand that the artifacts described in http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#preauth will disappear but this hasn't reached the reference guide yet?
Good point. The section on AbstractPreAuthenticatedAuthenticationDetailsSource needs to be rewritten, since this has been deleted. The basic approach should still be the same; it's just that the class structure has been pruned a bit.
I updated the docs retrospectively as part of the work for SEC-1538.