Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UserBuilder does not allow authorities to be overridden #13290

Closed
wants to merge 1 commit into from
Closed

UserBuilder does not allow authorities to be overridden #13290

wants to merge 1 commit into from

Conversation

dkorotych
Copy link
Contributor

Broken backwards compatibility. There is currently no way to reset the this.authorities list.
For example, the code will not work correctly,

final User.UserBuilder builder = User.withUserDetails(userDetails);
if (CollectionUtils.isEmpty(authorities)) {
  builder.authorities(Collections.emptyList());
} else {
  builder.authorities(authorities.toArray(String[]::new));
}
userDetailsManager.updateUser(builder.build());

it will always merge new and old authorities, but the previous version will overwrite them

@pivotal-cla
Copy link

@dkorotych Please sign the Contributor License Agreement!

Click here to manually synchronize the status of this Pull Request.

See the FAQ for frequently asked questions.

@pivotal-cla
Copy link

@dkorotych Thank you for signing the Contributor License Agreement!

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Jun 8, 2023
@jzheaux
Copy link
Contributor

jzheaux commented Jun 12, 2023

This appears related to #12555

@jzheaux jzheaux added in: core An issue in spring-security-core type: bug A general bug and removed status: waiting-for-triage An issue we've not yet triaged labels Jun 12, 2023
@jzheaux jzheaux added this to the 6.1.1 milestone Jun 12, 2023
@sjohnr sjohnr changed the title The current version breaks backwards compatibility UserBuilder does not allow authorities to be overridden Jun 13, 2023
sjohnr added a commit that referenced this pull request Jun 13, 2023
@sjohnr
Polish gh-13290
1f04baa 
Issue gh-12533
@sjohnr
Copy link
Member

sjohnr commented Jun 13, 2023

Thanks @dkorotych! This is now merged as 4def405. I also added a polish commit 1f04baa.

@sjohnr sjohnr closed this Jun 13, 2023
@sjohnr sjohnr mentioned this pull request Aug 31, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@sjohnr sjohnr

Labels
in: core An issue in spring-security-core type: bug A general bug
Projects
Spring Security Team
Archived in project
Milestone
6.1.1
Development

Successfully merging this pull request may close these issues.
5 participants
@dkorotych @pivotal-cla @jzheaux @sjohnr @spring-projects-issues