[EMAIL PROTECTED] wrote: > The method > org.acegisecurity. userdetails.User.equals > > requires that the GrantedAuthority values on the > two instance be in the same order. > > Unless there is some order dependency in the behavior, > does it make sense to require that the order be the > same for equality? Are not two User instances with > the same GrantedAuthoritys, no matter in what order, > equal() ?
We haven't expressly spelled out the UserDetails.equals(Object) contract either way. If we relaxed the iteration order restriction in User.equals(Object), it might result in inconsistent behavior if someone has configured AccessDecisionVoters or AfterInvocationProviders in complex ways that relied upon specific ordering. Namely, a developer might consider user1.equals(user2) yet receive different authorization or after invocation behavior when presenting these apparently "equal" user instances. I acknowledge that we need to specify the correct contract in the UserDetails.equals(Object) method. In terms of whether to preserve the ordering requirement or not, the conservative choice is to preserve it. Additionally, the Java Array class defines equality to mean same elements as well as same order (http://java.sun.com/j2se/1.5.0/docs/api/java/util/Arrays.html#equals(int[],%20int[])). I therefore think there is some justification for developers who may have relied upon iteration order in their configurations. Of course, I am open to persuasion if iteration order should be abandoned. I look forward to a lively debate! :-) Cheers Ben ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer