(I'm still not sure how to file bug reports, and this is the fourth
serious bug I've found!)

AclAuthorizationStrategyImpl#securityCheck() has the following code:

        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();

        // Check if authorized by virtue of ACL ownership
        Sid currentUser = new PrincipalSid(authentication);

The problem is that it's not checking whether the authentication already
contains a PrincipalSid.  If so, the expected tests for equality fail
since it's comparing the original principal "Alice" to the new principal
"PrincipalSid[Alice]".

_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
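
The mismatch described in the message above, as an added illustration that is not part of the original post or of the Acegi code base. `Sid`, `PrincipalSid` and `Authentication` here are simplified stand-ins; the constructor taking its name from `getPrincipal().toString()` is an assumption, and `wrapAlways` / `wrapIfNeeded` are hypothetical names.

```java
// Simplified stand-ins for the Acegi types named in the report (assumptions, not the project's classes).
public class SidWrapDemo {
    interface Sid {}

    static final class Authentication {
        private final Object principal;
        Authentication(Object principal) { this.principal = principal; }
        Object getPrincipal() { return principal; }
    }

    static final class PrincipalSid implements Sid {
        private final String principal;
        PrincipalSid(String name) { this.principal = name; }
        // Assumption: the name is derived from the principal object's toString().
        PrincipalSid(Authentication auth) { this.principal = auth.getPrincipal().toString(); }
        @Override public boolean equals(Object o) {
            return o instanceof PrincipalSid && ((PrincipalSid) o).principal.equals(principal);
        }
        @Override public int hashCode() { return principal.hashCode(); }
        @Override public String toString() { return "PrincipalSid[" + principal + "]"; }
    }

    // Pattern quoted in the report: wrap unconditionally.
    static Sid wrapAlways(Authentication auth) {
        return new PrincipalSid(auth);
    }

    // The check the report says is missing: reuse a principal that already is a PrincipalSid.
    static Sid wrapIfNeeded(Authentication auth) {
        Object p = auth.getPrincipal();
        return (p instanceof PrincipalSid) ? (PrincipalSid) p : new PrincipalSid(auth);
    }

    public static void main(String[] args) {
        Sid owner = new PrincipalSid("Alice");  // constructed sample ACL owner
        Authentication plain = new Authentication("Alice");
        Authentication preWrapped = new Authentication(new PrincipalSid("Alice"));

        // Compare the owner Sid against what each strategy produces for the current user.
        System.out.println("plain, always wrapped:      " + owner.equals(wrapAlways(plain)));
        System.out.println("pre-wrapped, always wrapped: " + wrapAlways(preWrapped)
                + " equals owner? " + owner.equals(wrapAlways(preWrapped)));
        System.out.println("pre-wrapped, checked first:  " + owner.equals(wrapIfNeeded(preWrapped)));
    }
}
```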
