SEC-1550: Convert signatures to use Collection<? extends GrantedAuthority> where appropriate.

2010-11-03 13:45:35 +00:00 · 2010-11-03 13:45:35 +00:00 · 1c8d28501c
parent 8d867e8b67
commit 1c8d28501c
37 changed files with 71 additions and 65 deletions
--- a/acl/src/main/java/org/springframework/security/acls/domain/SidRetrievalStrategyImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/SidRetrievalStrategyImpl.java
@ -51,7 +51,7 @@ public class SidRetrievalStrategyImpl implements SidRetrievalStrategy {
    //~ Methods ========================================================================================================
    public List<Sid> getSids(Authentication authentication) {
-        Collection<GrantedAuthority> authorities = roleHierarchy.getReachableGrantedAuthorities(authentication.getAuthorities());
+        Collection<? extends GrantedAuthority> authorities = roleHierarchy.getReachableGrantedAuthorities(authentication.getAuthorities());
        List<Sid> sids = new ArrayList<Sid>(authorities.size() + 1);
        sids.add(new PrincipalSid(authentication));
--- a/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java
@ -4,6 +4,7 @@ import static org.junit.Assert.*;
 import static org.mockito.Matchers.*;
 import static org.mockito.Mockito.*;
 import java.util.Collection;
 import java.util.List;
 import org.junit.Test;
@ -53,8 +54,8 @@ public class SidRetrievalStrategyTests {
    @Test
    public void roleHierarchyIsUsedWhenSet() throws Exception {
        RoleHierarchy rh =  mock(RoleHierarchy.class);
-        List<GrantedAuthority> rhAuthorities = AuthorityUtils.createAuthorityList("D");
+        List rhAuthorities = AuthorityUtils.createAuthorityList("D");
-        when(rh.getReachableGrantedAuthorities(anyList())).thenReturn(rhAuthorities);
+        when(rh.getReachableGrantedAuthorities(anyCollection())).thenReturn(rhAuthorities);
        SidRetrievalStrategy strat = new SidRetrievalStrategyImpl(rh);
        List<Sid> sids = strat.getSids(authentication);
--- a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java
+++ b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java
@ -121,7 +121,7 @@ public abstract class SecurityExpressionRoot {
    private Set<String> getAuthoritySet() {
        if (roles == null) {
            roles = new HashSet<String>();
-            Collection<GrantedAuthority> userAuthorities = authentication.getAuthorities();
+            Collection<? extends GrantedAuthority> userAuthorities = authentication.getAuthorities();
            if (roleHierarchy != null) {
                userAuthorities = roleHierarchy.getReachableGrantedAuthorities(userAuthorities);
--- a/core/src/main/java/org/springframework/security/access/hierarchicalroles/NullRoleHierarchy.java
+++ b/core/src/main/java/org/springframework/security/access/hierarchicalroles/NullRoleHierarchy.java
@ -11,7 +11,7 @@ import org.springframework.security.core.GrantedAuthority;
 */
 public final class NullRoleHierarchy implements RoleHierarchy {
-    public Collection<GrantedAuthority> getReachableGrantedAuthorities(Collection<GrantedAuthority> authorities) {
+    public Collection<? extends GrantedAuthority> getReachableGrantedAuthorities(Collection<? extends GrantedAuthority> authorities) {
        return authorities;
    }
--- a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchy.java
+++ b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchy.java
@ -40,6 +40,6 @@ public interface RoleHierarchy {
     * @param authorities - List of the directly assigned authorities.
     * @return List of all reachable authorities given the assigned authorities.
     */
-    public Collection<GrantedAuthority> getReachableGrantedAuthorities(Collection<GrantedAuthority> authorities);
+    public Collection<? extends GrantedAuthority> getReachableGrantedAuthorities(Collection<? extends GrantedAuthority> authorities);
 }
--- a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImpl.java
+++ b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImpl.java
@ -105,7 +105,7 @@ public class RoleHierarchyImpl implements RoleHierarchy {
        buildRolesReachableInOneOrMoreStepsMap();
    }
-    public Collection<GrantedAuthority> getReachableGrantedAuthorities(Collection<GrantedAuthority> authorities) {
+    public Collection<GrantedAuthority> getReachableGrantedAuthorities(Collection<? extends GrantedAuthority> authorities) {
        if (authorities == null || authorities.isEmpty()) {
            return AuthorityUtils.NO_AUTHORITIES;
        }
--- a/core/src/main/java/org/springframework/security/access/hierarchicalroles/UserDetailsWrapper.java
+++ b/core/src/main/java/org/springframework/security/access/hierarchicalroles/UserDetailsWrapper.java
@ -49,7 +49,7 @@ public class UserDetailsWrapper implements UserDetails {
        return userDetails.isAccountNonLocked();
    }
-    public Collection<GrantedAuthority> getAuthorities() {
+    public Collection<? extends GrantedAuthority> getAuthorities() {
        return roleHierarchy.getReachableGrantedAuthorities(userDetails.getAuthorities());
    }
--- a/core/src/main/java/org/springframework/security/access/vote/RoleHierarchyVoter.java
+++ b/core/src/main/java/org/springframework/security/access/vote/RoleHierarchyVoter.java
@ -26,7 +26,7 @@ public class RoleHierarchyVoter extends RoleVoter {
     * Calls the <tt>RoleHierarchy</tt> to obtain the complete set of user authorities.
     */
    @Override
-    Collection<GrantedAuthority> extractAuthorities(Authentication authentication) {
+    Collection<? extends GrantedAuthority> extractAuthorities(Authentication authentication) {
        return roleHierarchy.getReachableGrantedAuthorities(authentication.getAuthorities());
    }
 }
--- a/core/src/main/java/org/springframework/security/access/vote/RoleVoter.java
+++ b/core/src/main/java/org/springframework/security/access/vote/RoleVoter.java
@ -93,7 +93,7 @@ public class RoleVoter implements AccessDecisionVoter {
    public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
        int result = ACCESS_ABSTAIN;
-        Collection<GrantedAuthority> authorities = extractAuthorities(authentication);
+        Collection<? extends GrantedAuthority> authorities = extractAuthorities(authentication);
        for (ConfigAttribute attribute : attributes) {
            if (this.supports(attribute)) {
@ -111,7 +111,7 @@ public class RoleVoter implements AccessDecisionVoter {
        return result;
    }
-    Collection<GrantedAuthority> extractAuthorities(Authentication authentication) {
+    Collection<? extends GrantedAuthority> extractAuthorities(Authentication authentication) {
        return authentication.getAuthorities();
    }
 }
--- a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManager.java
+++ b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManager.java
@ -30,7 +30,7 @@ public interface RemoteAuthenticationManager {
    /**
     * Attempts to authenticate the remote client using the presented username and password. If authentication
-     * is successful, an array of <code>GrantedAuthority[]</code> objects will be returned.
+     * is successful, a collection of {@code GrantedAuthority} objects will be returned.
     * <p>
     * In order to maximise remoting protocol compatibility, a design decision was taken to operate with minimal
     * arguments and return only the minimal amount of information required for remote clients to enable/disable
@ -44,6 +44,6 @@ public interface RemoteAuthenticationManager {
     *
     * @throws RemoteAuthenticationException if the authentication failed.
     */
-    Collection<GrantedAuthority> attemptAuthentication(String username, String password)
+    Collection<? extends GrantedAuthority> attemptAuthentication(String username, String password)
        throws RemoteAuthenticationException;
 }
--- a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImpl.java
+++ b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImpl.java
@ -44,7 +44,7 @@ public class RemoteAuthenticationManagerImpl implements RemoteAuthenticationMana
        Assert.notNull(this.authenticationManager, "authenticationManager is required");
    }
-    public Collection<GrantedAuthority> attemptAuthentication(String username, String password)
+    public Collection<? extends GrantedAuthority> attemptAuthentication(String username, String password)
            throws RemoteAuthenticationException {
        UsernamePasswordAuthenticationToken request = new UsernamePasswordAuthenticationToken(username, password);
--- a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProvider.java
@ -58,7 +58,7 @@ public class RemoteAuthenticationProvider implements AuthenticationProvider, Ini
        throws AuthenticationException {
        String username = authentication.getPrincipal().toString();
        String password = authentication.getCredentials().toString();
-        Collection<GrantedAuthority> authorities = remoteAuthenticationManager.attemptAuthentication(username, password);
+        Collection<? extends GrantedAuthority> authorities = remoteAuthenticationManager.attemptAuthentication(username, password);
        return new UsernamePasswordAuthenticationToken(username, password, authorities);
    }
--- a/core/src/main/java/org/springframework/security/core/Authentication.java
+++ b/core/src/main/java/org/springframework/security/core/Authentication.java
@ -59,7 +59,7 @@ public interface Authentication extends Principal, Serializable {
     * @return the authorities granted to the principal, or an empty collection if the token has not been authenticated.
     * Never null.
     */
-    Collection<GrantedAuthority> getAuthorities();
+    Collection<? extends GrantedAuthority> getAuthorities();
    /**
     * The credentials that prove the principal is correct. This is usually a password, but could be anything
--- a/core/src/main/java/org/springframework/security/core/authority/AuthorityUtils.java
+++ b/core/src/main/java/org/springframework/security/core/authority/AuthorityUtils.java
@ -35,7 +35,7 @@ public abstract class AuthorityUtils {
     * Converts an array of GrantedAuthority objects to a Set.
     * @return a Set of the Strings obtained from each call to GrantedAuthority.getAuthority()
     */
-    public static Set<String> authorityListToSet(Collection<GrantedAuthority> userAuthorities) {
+    public static Set<String> authorityListToSet(Collection<? extends GrantedAuthority> userAuthorities) {
        Set<String> set = new HashSet<String>(userAuthorities.size());
        for (GrantedAuthority authority: userAuthorities) {
--- a/core/src/main/java/org/springframework/security/core/userdetails/UserDetails.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/UserDetails.java
@ -59,7 +59,7 @@ public interface UserDetails extends Serializable {
     *
     * @return the authorities, sorted by natural key (never <code>null</code>)
     */
-    Collection<GrantedAuthority> getAuthorities();
+    Collection<? extends GrantedAuthority> getAuthorities();
    /**
     * Returns the password used to authenticate the user. Cannot return <code>null</code>.
--- a/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java
+++ b/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java
@ -493,7 +493,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
        validateAuthorities(user.getAuthorities());
    }
-    private void validateAuthorities(Collection<GrantedAuthority> authorities) {
+    private void validateAuthorities(Collection<? extends GrantedAuthority> authorities) {
        Assert.notNull(authorities, "Authorities list must not be null");
        for (GrantedAuthority authority : authorities) {
--- a/core/src/main/java/org/springframework/security/provisioning/MutableUser.java
+++ b/core/src/main/java/org/springframework/security/provisioning/MutableUser.java
@ -27,7 +27,7 @@ class MutableUser implements MutableUserDetails {
        this.password = password;
    }
-    public Collection<GrantedAuthority> getAuthorities() {
+    public Collection<? extends GrantedAuthority> getAuthorities() {
        return delegate.getAuthorities();
    }
--- a/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java
@ -46,7 +46,7 @@ public class SecurityExpressionRootTests {
        SecurityExpressionRoot root = new SecurityExpressionRoot(JOE) {};
        root.setRoleHierarchy(new RoleHierarchy() {
-            public Collection<GrantedAuthority> getReachableGrantedAuthorities(Collection<GrantedAuthority> authorities) {
+            public Collection<GrantedAuthority> getReachableGrantedAuthorities(Collection<? extends GrantedAuthority> authorities) {
                return AuthorityUtils.createAuthorityList("C");
            }
        });
--- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/HierarchicalRolesTestHelper.java
+++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/HierarchicalRolesTestHelper.java
@ -28,7 +28,7 @@ import org.apache.commons.collections.CollectionUtils;
 */
 public abstract class HierarchicalRolesTestHelper {
-    public static boolean containTheSameGrantedAuthorities(Collection<GrantedAuthority> authorities1, Collection<GrantedAuthority> authorities2) {
+    public static boolean containTheSameGrantedAuthorities(Collection<? extends GrantedAuthority> authorities1, Collection<? extends GrantedAuthority> authorities2) {
        if (authorities1 == null && authorities2 == null) {
            return true;
        }
@ -39,7 +39,7 @@ public abstract class HierarchicalRolesTestHelper {
        return CollectionUtils.isEqualCollection(authorities1, authorities2);
    }
-    public static boolean containTheSameGrantedAuthoritiesCompareByAuthorityString(Collection<GrantedAuthority> authorities1, Collection<GrantedAuthority> authorities2) {
+    public static boolean containTheSameGrantedAuthoritiesCompareByAuthorityString(Collection<? extends GrantedAuthority> authorities1, Collection<? extends GrantedAuthority> authorities2) {
        if (authorities1 == null && authorities2 == null) {
            return true;
        }
@ -50,7 +50,7 @@ public abstract class HierarchicalRolesTestHelper {
        return CollectionUtils.isEqualCollection(toCollectionOfAuthorityStrings(authorities1), toCollectionOfAuthorityStrings(authorities2));
    }
-    public static List<String> toCollectionOfAuthorityStrings(Collection<GrantedAuthority> authorities) {
+    public static List<String> toCollectionOfAuthorityStrings(Collection<? extends GrantedAuthority> authorities) {
        if (authorities == null) {
            return null;
        }
--- a/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
@ -192,7 +192,7 @@ public class JaasAuthenticationProviderTests {
        assertNotNull(jaasProvider.getLoginConfig());
        assertNotNull(jaasProvider.getLoginContextName());
-        Collection<GrantedAuthority> list = auth.getAuthorities();
+        Collection<? extends GrantedAuthority> list = auth.getAuthorities();
        assertTrue("GrantedAuthorities should contain ROLE_TEST1", list.contains(new GrantedAuthorityImpl("ROLE_TEST1")));
        assertTrue("GrantedAuthorities should contain ROLE_TEST2", list.contains(new GrantedAuthorityImpl("ROLE_TEST2")));
--- a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProviderTests.java
@ -91,7 +91,7 @@ public class RemoteAuthenticationProviderTests extends TestCase {
            this.grantAccess = grantAccess;
        }
-        public Collection<GrantedAuthority> attemptAuthentication(String username, String password)
+        public Collection<? extends GrantedAuthority> attemptAuthentication(String username, String password)
            throws RemoteAuthenticationException {
            if (grantAccess) {
                return AuthorityUtils.createAuthorityList("foo");
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java
@ -251,7 +251,7 @@ public class LdapAuthenticationProvider implements AuthenticationProvider, Messa
        try {
            DirContextOperations userData = getAuthenticator().authenticate(authentication);
-            Collection<GrantedAuthority> extraAuthorities = loadUserAuthorities(userData, username, password);
+            Collection<? extends GrantedAuthority> extraAuthorities = loadUserAuthorities(userData, username, password);
            UserDetails user = userDetailsContextMapper.mapUserFromContext(userData, username, extraAuthorities);
@ -272,7 +272,7 @@ public class LdapAuthenticationProvider implements AuthenticationProvider, Messa
        }
    }
-    protected Collection<GrantedAuthority> loadUserAuthorities(DirContextOperations userData, String username, String password) {
+    protected Collection<? extends GrantedAuthority> loadUserAuthorities(DirContextOperations userData, String username, String password) {
        return getAuthoritiesPopulator().getGrantedAuthorities(userData, username);
    }
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/UserDetailsServiceLdapAuthoritiesPopulator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/UserDetailsServiceLdapAuthoritiesPopulator.java
@ -24,7 +24,7 @@ public class UserDetailsServiceLdapAuthoritiesPopulator implements LdapAuthoriti
        this.userDetailsService = userService;
    }
-    public Collection<GrantedAuthority> getGrantedAuthorities(DirContextOperations userData, String username) {
+    public Collection<? extends GrantedAuthority> getGrantedAuthorities(DirContextOperations userData, String username) {
        return userDetailsService.loadUserByUsername(username).getAuthorities();
    }
 }
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPersonContextMapper.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPersonContextMapper.java
@ -28,7 +28,7 @@ import org.springframework.util.Assert;
 */
 public class InetOrgPersonContextMapper implements UserDetailsContextMapper {
-    public UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection<GrantedAuthority> authorities) {
+    public UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection<? extends GrantedAuthority> authorities) {
        InetOrgPerson.Essence p = new InetOrgPerson.Essence(ctx);
        p.setUsername(username);
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthoritiesPopulator.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthoritiesPopulator.java
@ -42,5 +42,5 @@ public interface LdapAuthoritiesPopulator {
     * @return the granted authorities for the given user.
     *
     */
-    Collection<GrantedAuthority> getGrantedAuthorities(DirContextOperations userData, String username);
+    Collection<? extends GrantedAuthority> getGrantedAuthorities(DirContextOperations userData, String username);
 }
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImpl.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImpl.java
@ -222,7 +222,7 @@ public class LdapUserDetailsImpl implements LdapUserDetails, PasswordPolicyData
            instance.accountNonLocked = accountNonLocked;
        }
-        public void setAuthorities(Collection<GrantedAuthority> authorities) {
+        public void setAuthorities(Collection<? extends GrantedAuthority> authorities) {
            mutableAuthorities = new ArrayList<GrantedAuthority>();
            mutableAuthorities.addAll(authorities);
        }
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java
@ -310,7 +310,7 @@ public class LdapUserDetailsManager implements UserDetailsManager {
        userDetailsMapper.mapUserToContext(user, ctx);
    }
-    protected void addAuthorities(DistinguishedName userDn, Collection<GrantedAuthority> authorities) {
+    protected void addAuthorities(DistinguishedName userDn, Collection<? extends GrantedAuthority> authorities) {
        modifyAuthorities(userDn, authorities, DirContext.ADD_ATTRIBUTE);
    }
@ -318,7 +318,7 @@ public class LdapUserDetailsManager implements UserDetailsManager {
        modifyAuthorities(userDn, authorities, DirContext.REMOVE_ATTRIBUTE);
    }
-    private void modifyAuthorities(final DistinguishedName userDn, final Collection<GrantedAuthority> authorities, final int modType) {
+    private void modifyAuthorities(final DistinguishedName userDn, final Collection<? extends GrantedAuthority> authorities, final int modType) {
        template.executeReadWrite(new ContextExecutor() {
            public Object executeWithContext(DirContext ctx) throws NamingException {
                for(GrantedAuthority authority : authorities) {
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapper.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapper.java
@ -45,7 +45,7 @@ public class LdapUserDetailsMapper implements UserDetailsContextMapper {
    //~ Methods ========================================================================================================
-    public UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection<GrantedAuthority> authorities) {
+    public UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection<? extends GrantedAuthority> authorities) {
        String dn = ctx.getNameInNamespace();
        logger.debug("Mapping user details from context with DN: " + dn);
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/PersonContextMapper.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/PersonContextMapper.java
@ -13,7 +13,7 @@ import org.springframework.util.Assert;
 */
 public class PersonContextMapper implements UserDetailsContextMapper {
-    public UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection<GrantedAuthority> authorities) {
+    public UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection<? extends GrantedAuthority> authorities) {
        Person.Essence p = new Person.Essence(ctx);
        p.setUsername(username);
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/UserDetailsContextMapper.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/UserDetailsContextMapper.java
@ -36,10 +36,10 @@ public interface UserDetailsContextMapper {
     *
     * @param ctx the context object which contains the user information.
     * @param username the user's supplied login name.
-     * @param authority the list of authorities which the user should be given.
+     * @param authorities
     * @return the user object.
     */
-    UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection<GrantedAuthority> authority);
+    UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection<? extends GrantedAuthority> authorities);
    /**
     * Reverse of the above operation. Populates a context object from the supplied user object.
--- a/ldap/src/test/java/org/springframework/security/ldap/populator/UserDetailsServiceLdapAuthoritiesPopulatorTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/populator/UserDetailsServiceLdapAuthoritiesPopulatorTests.java
@ -4,6 +4,7 @@ import static org.junit.Assert.*;
 import static org.mockito.Mockito.*;
 import java.util.Collection;
 import java.util.List;
 import org.junit.Test;
 import org.springframework.ldap.core.DirContextAdapter;
@ -23,10 +24,11 @@ public class UserDetailsServiceLdapAuthoritiesPopulatorTests {
        UserDetailsService uds = mock(UserDetailsService.class);
        UserDetails user = mock(UserDetails.class);
        when(uds.loadUserByUsername("joe")).thenReturn(user);
-        when(user.getAuthorities()).thenReturn(AuthorityUtils.createAuthorityList("ROLE_USER"));
+        List authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
        when(user.getAuthorities()).thenReturn(authorities);
        UserDetailsServiceLdapAuthoritiesPopulator populator = new UserDetailsServiceLdapAuthoritiesPopulator(uds);
-        Collection<GrantedAuthority> auths =  populator.getGrantedAuthorities(new DirContextAdapter(), "joe");
+        Collection<? extends GrantedAuthority> auths =  populator.getGrantedAuthorities(new DirContextAdapter(), "joe");
        assertEquals(1, auths.size());
        assertTrue(AuthorityUtils.authorityListToSet(auths).contains("ROLE_USER"));
--- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTag.java
@ -45,17 +45,17 @@ import org.springframework.util.StringUtils;
 import org.springframework.web.context.support.WebApplicationContextUtils;
 /**
- * A base class for an &lt;authorize&gt; tag that is independent of the tag rendering technology (JSP, Facelets). 
+ * A base class for an &lt;authorize&gt; tag that is independent of the tag rendering technology (JSP, Facelets).
- * It treats tag attributes as simple strings rather than strings that may contain expressions with the 
+ * It treats tag attributes as simple strings rather than strings that may contain expressions with the
 * exception of the "access" attribute, which is always expected to contain a Spring EL expression.
- * 
+ *
 * Subclasses are expected to extract tag attribute values from the specific rendering technology, evaluate
 * them as expressions if necessary, and set the String-based attributes of this class.
- * 
+ *
 * @author Francois Beausoleil
 * @author Luke Taylor
 * @author Rossen Stoyanchev
- * 
+ *
 * @since 3.1.0
 */
 public abstract class AbstractAuthorizeTag {
@ -94,9 +94,9 @@ public abstract class AbstractAuthorizeTag {
 	 * <li>ifAllGranted, ifAnyGranted, ifNotGranted</li>
 	 * </ul>
 	 * The above combinations are mutually exclusive and evaluated in the given order.
-	 * 
+	 *
 	 * @return the result of the authorization decision
-	 * 
+	 *
 	 * @throws IOException
 	 */
 	public boolean authorize() throws IOException {
@ -119,7 +119,7 @@ public abstract class AbstractAuthorizeTag {
 	/**
 	 * Make an authorization decision by considering ifAllGranted, ifAnyGranted, and ifNotGranted. All 3 or any
 	 * combination can be provided. All provided attributes must evaluate to true.
-	 * 
+	 *
 	 * @return the result of the authorization decision
 	 */
 	public boolean authorizeUsingGrantedAuthorities() {
@ -131,7 +131,7 @@ public abstract class AbstractAuthorizeTag {
 			return false;
 		}
-		final Collection<GrantedAuthority> granted = getPrincipalAuthorities();
+		final Collection<? extends GrantedAuthority> granted = getPrincipalAuthorities();
 		if (hasTextAllGranted) {
 			if (!granted.containsAll(toAuthorities(getIfAllGranted()))) {
@ -159,9 +159,9 @@ public abstract class AbstractAuthorizeTag {
 	/**
 	 * Make an authorization decision based on a Spring EL expression. See the "Expression-Based Access Control" chapter
 	 * in Spring Security for details on what expressions can be used.
-	 * 
+	 *
 	 * @return the result of the authorization decision
-	 * 
+	 *
 	 * @throws IOException
 	 */
 	public boolean authorizeUsingAccessExpression() throws IOException {
@ -194,9 +194,9 @@ public abstract class AbstractAuthorizeTag {
 	/**
 	 * Make an authorization decision based on the URL and HTTP method attributes. True is returned if the user is
 	 * allowed to access the given URL as defined.
-	 * 
+	 *
 	 * @return the result of the authorization decision
-	 * 
+	 *
 	 * @throws IOException
 	 */
 	public boolean authorizeUsingUrlCheck() throws IOException {
@ -255,7 +255,7 @@ public abstract class AbstractAuthorizeTag {
 	/*------------- Private helper methods  -----------------*/
-	private Collection<GrantedAuthority> getPrincipalAuthorities() {
+	private Collection<? extends GrantedAuthority> getPrincipalAuthorities() {
 		Authentication currentUser = SecurityContextHolder.getContext().getAuthentication();
 		if (null == currentUser) {
 			return Collections.emptyList();
@ -269,7 +269,7 @@ public abstract class AbstractAuthorizeTag {
 		return requiredAuthorities;
 	}
-	private Set<GrantedAuthority> retainAll(final Collection<GrantedAuthority> granted,
+	private Set<GrantedAuthority> retainAll(final Collection<? extends GrantedAuthority> granted,
 			final Set<GrantedAuthority> required) {
 		Set<String> grantedRoles = authoritiesToRoles(granted);
 		Set<String> requiredRoles = authoritiesToRoles(required);
@ -278,7 +278,7 @@ public abstract class AbstractAuthorizeTag {
 		return rolesToAuthorities(grantedRoles, granted);
 	}
-	private Set<String> authoritiesToRoles(Collection<GrantedAuthority> c) {
+	private Set<String> authoritiesToRoles(Collection<? extends GrantedAuthority> c) {
 		Set<String> target = new HashSet<String>();
 		for (GrantedAuthority authority : c) {
 			if (null == authority.getAuthority()) {
@ -291,7 +291,7 @@ public abstract class AbstractAuthorizeTag {
 		return target;
 	}
-	private Set<GrantedAuthority> rolesToAuthorities(Set<String> grantedRoles, Collection<GrantedAuthority> granted) {
+	private Set<GrantedAuthority> rolesToAuthorities(Set<String> grantedRoles, Collection<? extends GrantedAuthority> granted) {
 		Set<GrantedAuthority> target = new HashSet<GrantedAuthority>();
 		for (String role : grantedRoles) {
 			for (GrantedAuthority authority : granted) {
@ -316,7 +316,7 @@ public abstract class AbstractAuthorizeTag {
 				return h;
 			}
 		}
-		
+
 		throw new IOException("No visible WebSecurityExpressionHandler instance could be found in the application "
 				+ "context. There must be at least one in order to support expressions in JSP 'authorize' tags.");
 	}
--- a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserAuthorityChanger.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserAuthorityChanger.java
@ -22,10 +22,10 @@ public interface SwitchUserAuthorityChanger {
     *
     * @param targetUser the UserDetails representing the identity being switched to
     * @param currentAuthentication the current Authentication of the principal performing the switching
-     * @param authoritiesToBeGranted all {@link GrantedAuthority} instances to be granted to the user,
+     * @param authoritiesToBeGranted all {@link org.springframework.security.core.GrantedAuthority} instances to be granted to the user,
     * excluding the special "switch user" authority that is used internally (guaranteed never null)
     *
     * @return the modified list of granted authorities.
     */
-    Collection<GrantedAuthority> modifyGrantedAuthorities(UserDetails targetUser, Authentication currentAuthentication, Collection<GrantedAuthority> authoritiesToBeGranted);
+    Collection<? extends GrantedAuthority> modifyGrantedAuthorities(UserDetails targetUser, Authentication currentAuthentication, Collection<? extends GrantedAuthority> authoritiesToBeGranted);
 }
--- a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java
@ -291,7 +291,7 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv
        GrantedAuthority switchAuthority = new SwitchUserGrantedAuthority(ROLE_PREVIOUS_ADMINISTRATOR, currentAuth);
        // get the original authorities
-        Collection<GrantedAuthority> orig = targetUser.getAuthorities();
+        Collection<? extends GrantedAuthority> orig = targetUser.getAuthorities();
        // Allow subclasses to change the authorities to be granted
        if (switchUserAuthorityChanger != null) {
@ -324,7 +324,7 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv
        Authentication original = null;
        // iterate over granted authorities and find the 'switch user' authority
-        Collection<GrantedAuthority> authorities = current.getAuthorities();
+        Collection<? extends GrantedAuthority> authorities = current.getAuthorities();
        for (GrantedAuthority auth : authorities) {
            // check for switch user type of authority
--- a/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapper.java
+++ b/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapper.java
@ -127,7 +127,7 @@ public class SecurityContextHolderAwareRequestWrapper extends HttpServletRequest
            return false;
        }
-        Collection<GrantedAuthority> authorities = auth.getAuthorities();
+        Collection<? extends GrantedAuthority> authorities = auth.getAuthorities();
        if (authorities == null) {
            return false;
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSphere2SpringSecurityPropagationInterceptorTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSphere2SpringSecurityPropagationInterceptorTests.java
@ -18,6 +18,8 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsChecker;
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
 import java.util.List;
 /**
 *
 * @author Luke Taylor
@ -54,7 +56,8 @@ public class WebSphere2SpringSecurityPropagationInterceptorTests {
        PreAuthenticatedAuthenticationProvider provider = new PreAuthenticatedAuthenticationProvider();
        AuthenticationUserDetailsService uds = mock(AuthenticationUserDetailsService.class);
        UserDetails user = mock(UserDetails.class);
-        when(user.getAuthorities()).thenReturn(AuthorityUtils.createAuthorityList("SOME_ROLE"));
+        List authorities = AuthorityUtils.createAuthorityList("SOME_ROLE");
        when(user.getAuthorities()).thenReturn(authorities);
        when(uds.loadUserDetails(any(Authentication.class))).thenReturn(user);
        provider.setPreAuthenticatedUserDetailsService(uds);
        provider.setUserDetailsChecker(mock(UserDetailsChecker.class));
--- a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java
@ -368,7 +368,7 @@ public class SwitchUserFilterTests {
        SwitchUserFilter filter = new SwitchUserFilter();
        filter.setUserDetailsService(new MockUserDetailsService());
        filter.setSwitchUserAuthorityChanger(new SwitchUserAuthorityChanger() {
-            public Collection<GrantedAuthority> modifyGrantedAuthorities(UserDetails targetUser, Authentication currentAuthentication, Collection<GrantedAuthority> authoritiesToBeGranted) {
+            public Collection<GrantedAuthority> modifyGrantedAuthorities(UserDetails targetUser, Authentication currentAuthentication, Collection<? extends GrantedAuthority> authoritiesToBeGranted) {
                List <GrantedAuthority>auths = new ArrayList<GrantedAuthority>();
                auths.add(new GrantedAuthorityImpl("ROLE_NEW"));
                return auths;