public class PopulatedRoleAuthority extends RoleAuthority
Commonly, a users' details are stored in one table 'users-table' and its roles are stored in
another 'role-table'. The users' authorities of type RoleAuthority are actually keys (by
role-name) to the role details.
When authenticating a user, an Authentication object is returned with all the users'
details and authorities. To be ignorant of how details are actually kept, the users' details are
populated with a flat representation of all the authorities a role represents.
The first option to populate a users' authorities with a role is to just add the authorities a
role represents. But, you loose the 'role' representation. If you want to keep it, for example
for visibility in tooling, you can return a PopulatedRoleAuthority. Thus,
UserDetails.getAuthorities() will include user-specific authorities and
PopulatedRoleAuthority.
This is only relevant is you are planning to implement your own SecurityManager. Out
default implementation already incorporates this construct.
RoleAuthority.RolePrivilege| Constructor and Description |
|---|
PopulatedRoleAuthority(String role,
Authority[] authorities)
Constructs a role authority with all the authorities this role represents.
|
Copyright © GigaSpaces.