cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel Kulp (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CXF-4288) SecureAnnotationsInterceptor maps roles only based on method name
Date Fri, 04 May 2012 18:00:55 GMT

     [ https://issues.apache.org/jira/browse/CXF-4288?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Daniel Kulp updated CXF-4288:
-----------------------------

          Description: The SecureAnnotationsInterceptor maps the roles into the method map
only based on the method name.  If the class in question is using overloaded methods with
different roles for each method, this can result in the wrong roles being applied to the authorization.
  The map needs to take into account the params/returns as well.  (was: 
The SecureAnnotationsInterceptor maps the roles into the method map only based on the method
name.  If the class in question is using overloaded methods with different roles for each
method, this can result in the wrong roles being applied to the authorization.   The map needs
to take into account the params/returns as well.)
    Affects Version/s: 2.3.10
                       2.4.7
                       2.5.3
        Fix Version/s: 2.3.11
                       2.4.8
                       2.5.4
    
> SecureAnnotationsInterceptor maps roles only based on method name
> -----------------------------------------------------------------
>
>                 Key: CXF-4288
>                 URL: https://issues.apache.org/jira/browse/CXF-4288
>             Project: CXF
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 2.3.10, 2.4.7, 2.5.3, 2.6
>            Reporter: Daniel Kulp
>            Assignee: Daniel Kulp
>             Fix For: 2.6.1, 2.5.4, 2.4.8, 2.3.11
>
>
> The SecureAnnotationsInterceptor maps the roles into the method map only based on the
method name.  If the class in question is using overloaded methods with different roles for
each method, this can result in the wrong roles being applied to the authorization.   The
map needs to take into account the params/returns as well.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message