AclAuthorizationStrategyImpl uses name

Fixes gh-4085
9 years ago · 07d1c7c5eb
1 changed files with 7 additions and 4 deletions
--- a/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java
@ -16,18 +16,20 @@
 package org.springframework.security.acls.domain;
 import java.util.Arrays;
 import java.util.List;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.acls.model.Acl;
 import org.springframework.security.acls.model.Sid;
 import org.springframework.security.acls.model.SidRetrievalStrategy;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.util.Assert;
 import java.util.Arrays;
 import java.util.List;
 import java.util.Set;
 /**
 * Default implementation of {@link AclAuthorizationStrategy}.
 * <p>
@ -118,7 +120,8 @@ public class AclAuthorizationStrategyImpl implements AclAuthorizationStrategy {
 		}
 		// Iterate this principal's authorities to determine right
-		if (authentication.getAuthorities().contains(requiredAuthority)) {
+		Set<String> authorities = AuthorityUtils.authorityListToSet(authentication.getAuthorities());
 		if (authorities.contains(requiredAuthority.getAuthority())) {
 			return;
 		}