Aroucha / spring-security-facelets-taglib

Automatically exported from code.google.com/p/spring-security-facelets-taglib
0 stars 0 forks source link

SpringSecurityELLibrary: ifAllGranted is wrong #5

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Hello Dominik.

I found the following bug in SpringSecurityELLibrary of your spring
security facelets library

    public static boolean ifAllGranted(final String grantedRoles) {
        Set<String> parsedAuthorities = parseAuthorities(grantedRoles);
        if (parsedAuthorities.isEmpty())
            return false;

        GrantedAuthority[] authorities = getUserAuthorities();
        for (GrantedAuthority authority : authorities) {
            if (!parsedAuthorities.contains(authority.getAuthority()))
                return false;
        }
        return true;

    }

To check if ALL are granted, you need to iterate over the parsed
authorities, not the granted ones.  This will return true if the user has
no other authorities than the given one.

Good luck with your thesis!

Regards,
J Hendrickx

Original issue reported on code.google.com by dominik....@gmail.com on 18 Aug 2009 at 5:57

GoogleCodeExporter commented 8 years ago

Original comment by dominik....@gmail.com on 18 Aug 2009 at 6:13

GoogleCodeExporter commented 8 years ago
Resolved in trunk. added Testcase to prevent further errors with it. Still need 
to
bundle new version for it. 

Original comment by dominik....@gmail.com on 28 Aug 2009 at 3:42

GoogleCodeExporter commented 8 years ago
Issue is fixed in version 0.2 available from the project homepage and maven.

Original comment by dominik....@gmail.com on 8 Sep 2009 at 3:23