11/*
2- * Copyright 2002-2021 the original author or authors.
2+ * Copyright 2002-2022 the original author or authors.
33 *
44 * Licensed under the Apache License, Version 2.0 (the "License");
55 * you may not use this file except in compliance with the License.
1717package org .springframework .security .authorization ;
1818
1919import java .util .HashSet ;
20+ import java .util .List ;
2021import java .util .Set ;
2122import java .util .function .Supplier ;
2223
@@ -37,10 +38,10 @@ public final class AuthorityAuthorizationManager<T> implements AuthorizationMana
3738
3839 private static final String ROLE_PREFIX = "ROLE_" ;
3940
40- private final Set <GrantedAuthority > authorities ;
41+ private final List <GrantedAuthority > authorities ;
4142
4243 private AuthorityAuthorizationManager (String ... authorities ) {
43- this .authorities = new HashSet <>( AuthorityUtils .createAuthorityList (authorities ) );
44+ this .authorities = AuthorityUtils .createAuthorityList (authorities );
4445 }
4546
4647 /**
@@ -132,16 +133,23 @@ private boolean isGranted(Authentication authentication) {
132133 }
133134
134135 private boolean isAuthorized (Authentication authentication ) {
136+ Set <String > authorities = getAuthoritySet ();
135137 for (GrantedAuthority grantedAuthority : authentication .getAuthorities ()) {
136- for (GrantedAuthority authority : this .authorities ) {
137- if (authority .getAuthority ().equals (grantedAuthority .getAuthority ())) {
138- return true ;
139- }
138+ if (authorities .contains (grantedAuthority .getAuthority ())) {
139+ return true ;
140140 }
141141 }
142142 return false ;
143143 }
144144
145+ private Set <String > getAuthoritySet () {
146+ Set <String > result = new HashSet <>();
147+ for (GrantedAuthority grantedAuthority : this .authorities ) {
148+ result .add (grantedAuthority .getAuthority ());
149+ }
150+ return result ;
151+ }
152+
145153 @ Override
146154 public String toString () {
147155 return "AuthorityAuthorizationManager[authorities=" + this .authorities + "]" ;
0 commit comments