Extract GrantedAuthority Docs

Closes gh-8005
pull/7925/head
Rob Winch 6 years ago
parent
commit
fbbb74c360
  1. 16
      docs/manual/src/docs/asciidoc/_includes/servlet/architecture/technical-overview.adoc
  2. 14
      docs/manual/src/docs/asciidoc/_includes/servlet/authentication/architecture/granted-authority.adoc

16
docs/manual/src/docs/asciidoc/_includes/servlet/architecture/technical-overview.adoc

@ -90,22 +90,6 @@ In many cases it makes more sense to <<core-services-authentication-manager,impl @@ -90,22 +90,6 @@ In many cases it makes more sense to <<core-services-authentication-manager,impl
====
[[tech-granted-authority]]
==== GrantedAuthority
Besides the principal, another important method provided by `Authentication` is `getAuthorities()`.
This method provides an array of `GrantedAuthority` objects.
A `GrantedAuthority` is, not surprisingly, an authority that is granted to the principal.
Such authorities are usually "roles", such as `ROLE_ADMINISTRATOR` or `ROLE_HR_SUPERVISOR`.
These roles are later on configured for web authorization, method authorization and domain object authorization.
Other parts of Spring Security are capable of interpreting these authorities, and expect them to be present.
`GrantedAuthority` objects are usually loaded by the `UserDetailsService`.
Usually the `GrantedAuthority` objects are application-wide permissions.
They are not specific to a given domain object.
Thus, you wouldn't likely have a `GrantedAuthority` to represent a permission to `Employee` object number 54, because if there are thousands of such authorities you would quickly run out of memory (or, at the very least, cause the application to take a long time to authenticate a user).
Of course, Spring Security is expressly designed to handle this common requirement, but you'd instead use the project's domain object security capabilities for this purpose.
==== Summary
Just to recap, the major building blocks of Spring Security that we've seen so far are:
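Review bot: Removing the `[[tech-granted-authority]]` anchor at the top of this hunk leaves any remaining `<<tech-granted-authority,...>>` cross-reference dangling, because the extracted file declares `[[servlet-authentication-granted-authority]]` instead. Search the manual for the old id and update those references in this commit, or keep the old id as an additional anchor on the new section so existing links still resolve.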

14
docs/manual/src/docs/asciidoc/_includes/servlet/authentication/architecture/granted-authority.adoc

@ -0,0 +1,14 @@ @@ -0,0 +1,14 @@
[[servlet-authentication-granted-authority]]
= GrantedAuthority
Besides the principal, another important method provided by `Authentication` is `getAuthorities()`.
This method provides a `Collection` of `GrantedAuthority` objects.
A `GrantedAuthority` is, not surprisingly, an authority that is granted to the principal.
Such authorities are usually "roles", such as `ROLE_ADMINISTRATOR` or `ROLE_HR_SUPERVISOR`.
These roles are later on configured for web authorization, method authorization and domain object authorization.
Other parts of Spring Security are capable of interpreting these authorities, and expect them to be present.
`GrantedAuthority` objects are usually loaded by the `UserDetailsService`.
Usually the `GrantedAuthority` objects are application-wide permissions.
They are not specific to a given domain object.
Thus, you wouldn't likely have a `GrantedAuthority` to represent a permission to `Employee` object number 54, because if there are thousands of such authorities you would quickly run out of memory (or, at the very least, cause the application to take a long time to authenticate a user).
Of course, Spring Security is expressly designed to handle this common requirement, but you'd instead use the project's domain object security capabilities for this purpose.
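Review bot: Nothing in this commit pulls the new granted-authority.adoc into the manual: the change list shows only this file and technical-overview.adoc, and the hunk there deletes the section without adding an `include::` for the new path. Unless a parent document already references it, the GrantedAuthority text drops out of the rendered docs, so add the include where the authentication architecture pages are assembled. The title line `= GrantedAuthority` is also a document-level heading where the removed section used `====`, so check that the include site applies a level offset.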