I'm trying to understand Spring 3.0 authentication.
In the code below, why is user.getRole() set as the GrantedAuthority?

    public final UserDetails loadUserByUsername(final String username)
    {
        final List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        // Try the cache first; fall back to the datastore on a miss.
        UserAccount user = (UserAccount) memcacheService.get(username);
        if (user == null)
        {
            // Bound parameter, so the username is never concatenated into the query.
            final Query query = entityManager.createQuery("SELECT u FROM UserAccount u WHERE u.username = :username");
            query.setParameter(USERNAME, username);
            try
            {
                user = (UserAccount) query.getSingleResult();
                memcacheService.put(username, user, Expiration.byDeltaSeconds(DEFAULT_EXPIRATION));
            }
            catch (NoResultException e)
            {
                // The UserDetailsService contract forbids returning null for an unknown user.
                throw new UsernameNotFoundException("User not found: " + username, e);
            }
        }
        // The stored role becomes the user's single granted authority.
        authorities.add(new GrantedAuthorityImpl(user.getRole()));
        return new EnhancedUser(user.getUsername(), user.getEmail(), user.getDisplayName(),
                user.getPassword(), user.getSalt(), user.isEnabled(), user.isAccountNonExpired(),
                user.isCredentialsNonExpired(), user.isAccountNonLocked(), authorities);
    }