struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Cam Morris (JIRA)" <>
Subject [jira] [Created] (WW-4118) Allow RolesInterceptor to validate role names
Date Wed, 19 Jun 2013 16:13:24 GMT
Cam Morris created WW-4118:

             Summary: Allow RolesInterceptor to validate role names
                 Key: WW-4118
             Project: Struts 2
          Issue Type: Improvement
            Reporter: Cam Morris
            Priority: Minor

Role names can be easily misconfigured resulting in security holes.  However app developers
typically known which roles are available in their environment.  A small tweak to RolesInterceptor
could make it easy for developers to have role verification.  When the roles are invalid the
RolesInterceptor could fail-fast, quickly bringing the issue to attention.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message