Handle Empty Role

Closes gh-13079
This commit is contained in:
Josh Cummings 2023-04-24 12:49:30 -06:00
parent e3cc8d13e8
commit 73a543d318
No known key found for this signature in database
GPG Key ID: A306A51F43B8E5A5
2 changed files with 6 additions and 1 deletions

View File

@ -130,7 +130,7 @@ public final class AuthorityAuthorizationManager<T> implements AuthorizationMana
String[] result = new String[roles.length];
for (int i = 0; i < roles.length; i++) {
String role = roles[i];
Assert.isTrue(!role.startsWith(rolePrefix), () -> role + " should not start with " + rolePrefix + " since "
Assert.isTrue(rolePrefix.isEmpty() || !role.startsWith(rolePrefix), () -> role + " should not start with " + rolePrefix + " since "
+ rolePrefix
+ " is automatically prepended when using hasAnyRole. Consider using hasAnyAuthority instead.");
result[i] = rolePrefix + role;

View File

@ -266,4 +266,9 @@ public class AuthorityAuthorizationManagerTests {
assertThat(manager.check(authentication, object).isGranted()).isTrue();
}
// gh-13079
@Test
void hasAnyRoleWhenEmptyRolePrefixThenNoException() {
AuthorityAuthorizationManager.hasAnyRole("", new String[] { "USER" });
}
}