Skip to content

Consider replacing an inner loop with Set of authority strings in AuthorityAuthorizationManager#isAuthorized #11188

New issue
New issue
Closed
#11189
Closed
Consider replacing an inner loop with Set of authority strings in AuthorityAuthorizationManager#isAuthorized#11188
#11189
Assignees
jzheaux
Labels
in: coreAn issue in spring-security-coretype: enhancementA general enhancement
Milestone
5.7.0
@evgeniycheban

Description

@evgeniycheban
evgeniycheban
opened on May 8, 2022

Currently AuthorityAuthorizationManager#isAuthorized uses an inner loop to determine if user has required authority:

private boolean isAuthorized(Authentication authentication) {
    for (GrantedAuthority grantedAuthority : authentication.getAuthorities()) {
	for (GrantedAuthority authority : this.authorities) {
	    if (authority.getAuthority().equals(grantedAuthority.getAuthority())) {
		return true;
            }
	}
    }
    return false;
}

It can be replaced with a Set of authority strings which will be more efficient because HashSet has constant lookup time O(1).

Metadata

Metadata

Assignees

Labels

in: coreAn issue in spring-security-coretype: enhancementA general enhancement

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions