setCredentials() should let authenticated resource set its credentials without requiring permissions

acciente / oacc-core

OACC (Object ACcess Control) is an advanced Java Application Security Framework

http://oaccframework.org/

Apache License 2.0

107 stars 23 forks source link

setCredentials() should let authenticated resource set its credentials without requiring permissions #9

Closed fspinnenhirn closed 9 years ago

fspinnenhirn commented 9 years ago

The setCredentials() method should allow the authenticated resource to set its own credentials, even without explicit RESET-CREDENTIALS permission.

In other words, if the authenticated resource is trying to (re-)set its own credentials, the setCredentials() method should bypass the permission lookups and validation.