Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Roles and authorities in UserBuilder replace each other based on the order in which they were defined. #12958

Closed
zejaven opened this issue Apr 2, 2023 · 1 comment
Closed

Roles and authorities in UserBuilder replace each other based on the order in which they were defined. #12958

zejaven opened this issue Apr 2, 2023 · 1 comment
Assignees
@marcusdacoregio
Labels
status: duplicate A duplicate of another issue type: bug A general bug

Comments

@zejaven
Copy link

zejaven commented Apr 2, 2023
edited
Loading

Description
The roles and authorities in UserBuilder replace each other based on the order in which they were defined. This means that the most recently defined roles or authorities will overwrite the previous one.

To Reproduce

  1. Implement UserDetailsService this way:
    @Bean
    public UserDetailsService userDetailsService() {
        var admin = User.withUsername("admin")
                .password(passwordEncoder().encode("admin123"))
                .roles("ADMIN")
                .authorities("ACCESS_TEST1", "ACCESS_TEST2")
                .build();
        return new InMemoryUserDetailsManager(admin);
    }

Here, role "ADMIN" ("ROLE_ADMIN") won't be added to List of UserBuilder because "new ArrayList(authorities)" will be created each time.

изображение

  1. Add corresponding resources.
  2. Try to access resources that should be accessible for ROLE_ADMIN and for ACCESS_TEST1/ACCESS_TEST2 authorities.

Expected behavior
All resources should be accessible.

Sample
https://github.com/Agvernus/examples
@zejaven zejaven added status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Apr 2, 2023
@marcusdacoregio
Copy link
Contributor

Hi @Agvernus, it seems that this has been implemented by #12533

Therefore I'm closing this as a duplicate.

@marcusdacoregio marcusdacoregio added status: duplicate A duplicate of another issue and removed status: waiting-for-triage An issue we've not yet triaged labels Apr 3, 2023
@marcusdacoregio marcusdacoregio self-assigned this Apr 3, 2023
@codingtim codingtim mentioned this issue Aug 24, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@marcusdacoregio marcusdacoregio

Labels
status: duplicate A duplicate of another issue type: bug A general bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@marcusdacoregio @zejaven