public class PopulatedRoleAuthority extends RoleAuthority
Commonly, a users'
details are stored in one table 'users-table' and its roles are stored in another 'role-table'.
The users' authorities of type RoleAuthority
are actually keys (by role-name) to the role
details.
When authenticating a user, an Authentication
object is returned with all
the users' details and authorities. To be ignorant of how details are actually kept, the users'
details are populated with a flat representation of all the authorities a role represents.
The first option to populate a users' authorities with a role is to just add the authorities a
role represents. But, you loose the 'role' representation. If you want to keep it, for example
for visibility in tooling, you can return a PopulatedRoleAuthority
. Thus, UserDetails.getAuthorities()
will include user-specific authorities and PopulatedRoleAuthority
.
This is only relevant is you are planning to implement your own
SecurityManager
. Out default implementation already incorporates this construct.
RoleAuthority.RolePrivilege
Constructor and Description |
---|
PopulatedRoleAuthority(String role,
Authority[] authorities)
Constructs a role authority with all the authorities this role represents.
|
Copyright © GigaSpaces.