setResourceCreatePermissions() does not perform strict validation of requested create permissions against specified resource class

acciente / oacc-core

OACC (Object ACcess Control) is an advanced Java Application Security Framework

http://oaccframework.org/

Apache License 2.0

107 stars 23 forks source link

setResourceCreatePermissions() does not perform strict validation of requested create permissions against specified resource class #5

Closed fspinnenhirn closed 9 years ago

fspinnenhirn commented 9 years ago

setResourceCreatePermissions() does not currently perform a strict enough early validation of the requested create permissions against the specified resource class.

Todo:

validate RESET_CREDENTIALS and IMPERSONATE system permissions only apply to authenticatable resource classes
add test cases