Consider replacing an inner loop with Set of authority strings in AuthorityAuthorizationManager

Closes gh-11188
2022-05-09 03:37:06 +03:00 · 2022-05-09 03:37:06 +03:00 · 89019fb340
parent d86ed6f523
commit 89019fb340
1 changed files with 15 additions and 7 deletions
--- a/core/src/main/java/org/springframework/security/authorization/AuthorityAuthorizationManager.java
+++ b/core/src/main/java/org/springframework/security/authorization/AuthorityAuthorizationManager.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -17,6 +17,7 @@
 package org.springframework.security.authorization;

 import java.util.HashSet;
+import java.util.List;
 import java.util.Set;
 import java.util.function.Supplier;

@ -37,10 +38,10 @@ public final class AuthorityAuthorizationManager<T> implements AuthorizationMana

 	private static final String ROLE_PREFIX = "ROLE_";

-	private final Set<GrantedAuthority> authorities;
+	private final List<GrantedAuthority> authorities;

 	private AuthorityAuthorizationManager(String... authorities) {
-		this.authorities = new HashSet<>(AuthorityUtils.createAuthorityList(authorities));
+		this.authorities = AuthorityUtils.createAuthorityList(authorities);
 	}

 	/**
@ -132,16 +133,23 @@ public final class AuthorityAuthorizationManager<T> implements AuthorizationMana
 	}

 	private boolean isAuthorized(Authentication authentication) {
+		Set<String> authorities = getAuthoritySet();
 		for (GrantedAuthority grantedAuthority : authentication.getAuthorities()) {
-			for (GrantedAuthority authority : this.authorities) {
-				if (authority.getAuthority().equals(grantedAuthority.getAuthority())) {
-					return true;
-				}
+			if (authorities.contains(grantedAuthority.getAuthority())) {
+				return true;
 			}
 		}
 		return false;
 	}

+	private Set<String> getAuthoritySet() {
+		Set<String> result = new HashSet<>();
+		for (GrantedAuthority grantedAuthority : this.authorities) {
+			result.add(grantedAuthority.getAuthority());
+		}
+		return result;
+	}
+
 	@Override
 	public String toString() {
 		return "AuthorityAuthorizationManager[authorities=" + this.authorities + "]";