Hi Bear

Please log all bugs in our JIRA instance, so they're appropriately tracked and reviewed. All bug reports should ideally contain a unit test which provides an ongoing test that the bug has been fixed and not reintroduced. Patches with bug reports are particularly welcome and will be applied expeditiously.

You can log JIRA issues here:
http://opensource.atlassian.com/projects/spring/secure/BrowseProject.jspa?id=10040

You can read the project policies, which contain details of how the project works, here:
http://www.acegisecurity.org/policies.html

Thanks for your interest in the project and assistance with identifying problems with the ACL features.

Cheers
Ben

Giles, Bear wrote:
> (I’m still not sure how to file bug reports, and this is the fourth
> serious bug I’ve found!)
>
> AclAuthorizationStrategyImpl#securityCheck() has the following code:
>
>     Authentication authentication =
>         SecurityContextHolder.getContext().getAuthentication();
>
>     // Check if authorized by virtue of ACL ownership
>     Sid currentUser = new PrincipalSid(authentication);
>
> The problem is that it’s not checking whether the authentication
> already contains a PrincipalSid. If so, the expected tests for
> equality fail since it’s comparing the original principal “Alice” to
> the new principal “PrincipalSid[Alice]”.

_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
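
The ownership-check mismatch reported in this thread, written as a self-contained reproduction of the kind a bug report could carry. This is an added example, not code from the thread or from Acegi Security: Authentication and PrincipalSid below are simplified stand-ins, the toString()-based constructor is an assumption chosen to match the reported "PrincipalSid[Alice]" value, and the from() guard is hypothetical.

```java
import java.util.Objects;

// Simplified stand-ins for illustration; NOT the Acegi Security classes.
public class PrincipalSidWrapDemo {
    interface Authentication { Object getPrincipal(); }

    static final class PrincipalSid {
        final String principal;
        PrincipalSid(String principal) { this.principal = principal; }

        // Assumed behaviour matching the report: the name is taken from
        // the principal's toString(), whatever type the principal is.
        PrincipalSid(Authentication auth) { this(auth.getPrincipal().toString()); }

        // Hypothetical guard: reuse a principal that is already a PrincipalSid.
        static PrincipalSid from(Authentication auth) {
            Object p = auth.getPrincipal();
            return (p instanceof PrincipalSid) ? (PrincipalSid) p : new PrincipalSid(auth);
        }

        @Override public boolean equals(Object o) {
            return o instanceof PrincipalSid && principal.equals(((PrincipalSid) o).principal);
        }
        @Override public int hashCode() { return Objects.hash(principal); }
        @Override public String toString() { return "PrincipalSid[" + principal + "]"; }
    }

    public static void main(String[] args) {
        PrincipalSid owner = new PrincipalSid("Alice");            // ACL owner (constructed sample)
        Authentication plain = () -> "Alice";                      // principal is a String
        Authentication wrapped = () -> new PrincipalSid("Alice");  // principal is already a Sid

        check(owner.equals(new PrincipalSid(plain)), "String principal matches owner");
        // Reported failure: the name becomes "PrincipalSid[Alice]", so the owner check fails.
        check(!owner.equals(new PrincipalSid(wrapped)), "re-wrapped Sid does not match owner");
        check(owner.equals(PrincipalSid.from(wrapped)), "guarded lookup matches owner");
        check(owner.equals(PrincipalSid.from(plain)), "guard keeps the String case working");
    }

    static void check(boolean ok, String what) {
        if (!ok) throw new AssertionError(what);
        System.out.println("ok: " + what);
    }
}
```

The second check documents the failing comparison, so a legitimate owner is denied rather than an outsider admitted; the last two checks are the assertions a regression test for a fix would keep.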