Removed methods relating to current context from AuthorityUtils, making it a simple factory for GrantedAuthority lists etc.

core/src/main/java/org/springframework/security/core/authority/AuthorityUtils.java

@@ -1,58 +1,25 @@
 package org.springframework.security.core.authority;
 
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.util.StringUtils;
-
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
 
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.util.StringUtils;
+
 /**
+ * Utility method for manipulating <tt>GrantedAuthority</tt> collections etc.
+ * <p>
+ * Mainly intended for internal use.
+ *
  * @author Luke Taylor
  * @version $Id$
  */
 public abstract class AuthorityUtils {
     public static final List<GrantedAuthority> NO_AUTHORITIES = Collections.emptyList();
 
-    /**
-     * Returns true if the current user has the specified authority.
-     *
-     * @param authority the authority to test for (e.g. "ROLE_A").
-     * @return true if a GrantedAuthority object with the same string representation as the supplied authority
-     * name exists in the current user's list of authorities. False otherwise, or if the user in not authenticated.
-     */
-    public static boolean userHasAuthority(String authority) {
-        List<GrantedAuthority> authorities = getUserAuthorities();
-
-        for (GrantedAuthority grantedAuthority : authorities) {
-            if (authority.equals(grantedAuthority.getAuthority())) {
-                return true;
-            }
-        }
-
-        return false;
-    }
-
-    /**
-     * Returns the authorities of the current user.
-     *
-     * @return an array containing the current user's authorities (or an empty array if not authenticated), never null.
-     */
-    private static List<GrantedAuthority> getUserAuthorities() {
-        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
-
-        if (auth == null || auth.getAuthorities() == null) {
-            return NO_AUTHORITIES;
-        }
-
-        return auth.getAuthorities();
-    }
-
-
     /**
      * Creates a array of GrantedAuthority objects from a comma-separated string
      * representation (e.g. "ROLE_A, ROLE_B, ROLE_C").

core/src/test/java/org/springframework/security/core/authority/AuthorityUtilsTests.java

@@ -0,0 +1,31 @@
+package org.springframework.security.core.authority;
+
+import static org.junit.Assert.assertTrue;
+
+import java.util.List;
+import java.util.Set;
+
+import org.junit.Test;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.AuthorityUtils;
+
+/**
+ * @author Luke Taylor
+ * @version $Id$
+ */
+public class AuthorityUtilsTests {
+
+    @Test
+    public void commaSeparatedStringIsParsedCorrectly() {
+        List<GrantedAuthority> authorityArray =
+                AuthorityUtils.commaSeparatedStringToAuthorityList(" ROLE_A, B, C, ROLE_D\n,\n E ");
+
+        Set<String> authorities = AuthorityUtils.authorityListToSet(authorityArray);
+
+        assertTrue(authorities.contains("B"));
+        assertTrue(authorities.contains("C"));
+        assertTrue(authorities.contains("E"));
+        assertTrue(authorities.contains("ROLE_A"));
+        assertTrue(authorities.contains("ROLE_D"));
+    }
+}