DefaultPermissionGrantingStrategy.isGranted(...) optimization

[jcgagne2]

Expected Behavior

DefaultPermissionGrantingStrategy.isGranted(...) should check if the ACL entries collection is empty before looping.

Current Behavior

Unnecessary nested loops over permission and sids when the ACL has no entries.

This is a minor optimization. But it's worth it if you imagine a scenario with Hierarchical roles + ACL with inheritance + @PreFilter / @PostFilter

Context

Spring Security 6.5.6
DefaultPermissionGrantingStrategy line 75

Actual code

public boolean isGranted(Acl acl, List<Permission> permission, List<Sid> sids, boolean administrativeMode)
        throws NotFoundException {
    List<AccessControlEntry> aces = acl.getEntries();
    AccessControlEntry firstRejection = null;
    for (Permission p : permission) {
        ...
    }

Suggested patch

public boolean isGranted(Acl acl, List<Permission> permission, List<Sid> sids, boolean administrativeMode)
        throws NotFoundException {
    List<AccessControlEntry> aces = acl.getEntries();
    AccessControlEntry firstRejection = null;
    // null + empty check
    if (aces != null && !aces.isEmpty())
        for (Permission p : permission) {
            ...
        }
    }