Expected Behavior
If create UserDetails like this
User.builder()
.role("admin")
.authorities("write")
...
.build()
I think UserDetails.getAuthorities() must have ["ROLE_admin", "write"]
Current Behavior
Now if create like describe above UserDetails.getAuthorities() it will have only ["write"]
Context
While creating UserDetails i can call .role(String... roles) and .authorities(String... authorities). If business logic of my application must have role and other custom authorities together, i don't call .role(..).authorities() together becouse it will have only last authorities in UserDetails.
If change behavior it can become more intuitive to use separate call .role() and .authorities() than create Collection<? extends GrantedAuthority> and then put in into method .authorities()
Comment From: sjohnr
Hi @PavelShelogurov! Thanks for reaching out! I understand that you are wanting to use both roles and authorities.
The javadoc for roles(...) states:
Populates the roles. This method is a shortcut for calling
authorities(String...), but automatically prefixes each entry with "ROLE_". This means the following:builder.roles("USER","ADMIN");is equivalent tobuilder.authorities("ROLE_USER","ROLE_ADMIN");This attribute is required, but can also be populated withauthorities(String...).
While it would be convenient to be able to use both, the intention of the method is to be a shortcut (alternative) for .authorities("ROLE_admin"). It seems equally easy to write .authorities("ROLE_admin", "write") in your case. Since what you suggest is a change in behavior and not just an enhancement, I don't think we should apply it. I'll go ahead and close this for now, but feel free to add more comments if you disagree with the decision.