Consider replacing an inner loop with Set of authority strings in AuthorityAuthorizationManager
Closes gh-11188
This commit is contained in:
parent
dc2bd2b4f8
commit
dbd96a9e3f
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2021 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -17,6 +17,7 @@
|
||||||
package org.springframework.security.authorization;
|
package org.springframework.security.authorization;
|
||||||
|
|
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
|
import java.util.List;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
import java.util.function.Supplier;
|
import java.util.function.Supplier;
|
||||||
|
|
||||||
|
@ -37,10 +38,10 @@ public final class AuthorityAuthorizationManager<T> implements AuthorizationMana
|
||||||
|
|
||||||
private static final String ROLE_PREFIX = "ROLE_";
|
private static final String ROLE_PREFIX = "ROLE_";
|
||||||
|
|
||||||
private final Set<GrantedAuthority> authorities;
|
private final List<GrantedAuthority> authorities;
|
||||||
|
|
||||||
private AuthorityAuthorizationManager(String... authorities) {
|
private AuthorityAuthorizationManager(String... authorities) {
|
||||||
this.authorities = new HashSet<>(AuthorityUtils.createAuthorityList(authorities));
|
this.authorities = AuthorityUtils.createAuthorityList(authorities);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -132,16 +133,23 @@ public final class AuthorityAuthorizationManager<T> implements AuthorizationMana
|
||||||
}
|
}
|
||||||
|
|
||||||
private boolean isAuthorized(Authentication authentication) {
|
private boolean isAuthorized(Authentication authentication) {
|
||||||
|
Set<String> authorities = getAuthoritySet();
|
||||||
for (GrantedAuthority grantedAuthority : authentication.getAuthorities()) {
|
for (GrantedAuthority grantedAuthority : authentication.getAuthorities()) {
|
||||||
for (GrantedAuthority authority : this.authorities) {
|
if (authorities.contains(grantedAuthority.getAuthority())) {
|
||||||
if (authority.getAuthority().equals(grantedAuthority.getAuthority())) {
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private Set<String> getAuthoritySet() {
|
||||||
|
Set<String> result = new HashSet<>();
|
||||||
|
for (GrantedAuthority grantedAuthority : this.authorities) {
|
||||||
|
result.add(grantedAuthority.getAuthority());
|
||||||
|
}
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public String toString() {
|
public String toString() {
|
||||||
return "AuthorityAuthorizationManager[authorities=" + this.authorities + "]";
|
return "AuthorityAuthorizationManager[authorities=" + this.authorities + "]";
|
||||||
|
|
Loading…
Reference in New Issue