root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 20 Packages Projects Releases Wiki Activity

Refer to SimpleGrantedAuthority instead of GrantedAuthorityImpl 

GrantedAuthorityImpl has been replaced a couple of years ago with
SimpleGrantedAuthority and this commit fixes the documentation items
which weren’t updated to reflect this change.

Fixes gh-4163.
This commit is contained in:
pkovacs 2016-12-18 22:02:15 +01:00 committed by Rob Winch
parent 546d44d6e7
commit f99fe36e02
3 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
core/src/test/java/org/springframework/security/access/hierarchicalroles/HierarchicalRolesTestHelper.java
View File

@ -74,7 +74,7 @@ public abstract class HierarchicalRolesTestHelper {
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(roles.length); List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(roles.length);
for (final String role : roles) { for (final String role : roles) {
// Use non GrantedAuthorityImpl (SEC-863) // Use non SimpleGrantedAuthority (SEC-863)
authorities.add(new GrantedAuthority() { authorities.add(new GrantedAuthority() {
public String getAuthority() { public String getAuthority() {
return role; return role;

2
docs/manual/src/docs/asciidoc/_includes/faq.adoc
View File

@ -431,7 +431,7 @@ To use JDBC instead, you can implement the interface yourself, using whatever SQ
* prefix "ROLE_" to mark attributes which are supported by Spring Security's RoleVoter. * prefix "ROLE_" to mark attributes which are supported by Spring Security's RoleVoter.
*/ */
public GrantedAuthority mapRow(ResultSet rs, int rowNum) throws SQLException { public GrantedAuthority mapRow(ResultSet rs, int rowNum) throws SQLException {
return new GrantedAuthorityImpl("ROLE_" + rs.getString(1); return new SimpleGrantedAuthority("ROLE_" + rs.getString(1);
} }
} }
} }

4
docs/manual/src/docs/asciidoc/index.adoc
View File

@ -4788,7 +4788,7 @@ This method allows
An example of a "complex" `GrantedAuthority` would be an implementation that stores a list of operations and authority thresholds that apply to different customer account numbers. Representing this complex `GrantedAuthority` as a `String` would be quite difficult, and as a result the `getAuthority()` method should return `null`. This will indicate to any `AccessDecisionManager` that it will need to specifically support the `GrantedAuthority` implementation in order to understand its contents. An example of a "complex" `GrantedAuthority` would be an implementation that stores a list of operations and authority thresholds that apply to different customer account numbers. Representing this complex `GrantedAuthority` as a `String` would be quite difficult, and as a result the `getAuthority()` method should return `null`. This will indicate to any `AccessDecisionManager` that it will need to specifically support the `GrantedAuthority` implementation in order to understand its contents.
Spring Security includes one concrete `GrantedAuthority` implementation, `GrantedAuthorityImpl`. This allows any user-specified `String` to be converted into a `GrantedAuthority`. All `AuthenticationProvider` s included with the security architecture use `GrantedAuthorityImpl` to populate the `Authentication` object. Spring Security includes one concrete `GrantedAuthority` implementation, `SimpleGrantedAuthority`. This allows any user-specified `String` to be converted into a `GrantedAuthority`. All `AuthenticationProvider` s included with the security architecture use `SimpleGrantedAuthority` to populate the `Authentication` object.
[[authz-pre-invocation]] [[authz-pre-invocation]]
@ -6554,7 +6554,7 @@ boolean supports(Class clazz);
The first method returns the `Authentication` object that should replace the existing `Authentication` object for the duration of the method invocation. If the method returns `null`, it indicates no replacement should be made. The second method is used by the `AbstractSecurityInterceptor` as part of its startup validation of configuration attributes. The `supports(Class)` method is called by a security interceptor implementation to ensure the configured `RunAsManager` supports the type of secure object that the security interceptor will present. The first method returns the `Authentication` object that should replace the existing `Authentication` object for the duration of the method invocation. If the method returns `null`, it indicates no replacement should be made. The second method is used by the `AbstractSecurityInterceptor` as part of its startup validation of configuration attributes. The `supports(Class)` method is called by a security interceptor implementation to ensure the configured `RunAsManager` supports the type of secure object that the security interceptor will present.
One concrete implementation of a `RunAsManager` is provided with Spring Security. The `RunAsManagerImpl` class returns a replacement `RunAsUserToken` if any `ConfigAttribute` starts with `RUN_AS_`. If any such `ConfigAttribute` is found, the replacement `RunAsUserToken` will contain the same principal, credentials and granted authorities as the original `Authentication` object, along with a new `GrantedAuthorityImpl` for each `RUN_AS_` `ConfigAttribute`. Each new `GrantedAuthorityImpl` will be prefixed with `ROLE_`, followed by the `RUN_AS` `ConfigAttribute`. For example, a `RUN_AS_SERVER` will result in the replacement `RunAsUserToken` containing a `ROLE_RUN_AS_SERVER` granted authority. One concrete implementation of a `RunAsManager` is provided with Spring Security. The `RunAsManagerImpl` class returns a replacement `RunAsUserToken` if any `ConfigAttribute` starts with `RUN_AS_`. If any such `ConfigAttribute` is found, the replacement `RunAsUserToken` will contain the same principal, credentials and granted authorities as the original `Authentication` object, along with a new `SimpleGrantedAuthority` for each `RUN_AS_` `ConfigAttribute`. Each new `SimpleGrantedAuthority` will be prefixed with `ROLE_`, followed by the `RUN_AS` `ConfigAttribute`. For example, a `RUN_AS_SERVER` will result in the replacement `RunAsUserToken` containing a `ROLE_RUN_AS_SERVER` granted authority.
The replacement `RunAsUserToken` is just like any other `Authentication` object. It needs to be authenticated by the `AuthenticationManager`, probably via delegation to a suitable `AuthenticationProvider`. The `RunAsImplAuthenticationProvider` performs such authentication. It simply accepts as valid any `RunAsUserToken` presented. The replacement `RunAsUserToken` is just like any other `Authentication` object. It needs to be authenticated by the `AuthenticationManager`, probably via delegation to a suitable `AuthenticationProvider`. The `RunAsImplAuthenticationProvider` performs such authentication. It simply accepts as valid any `RunAsUserToken` presented.