On 19/03/2013 11:14, [email protected] wrote:
Dear Sir or Madam,
I have a question about syncope 1.1.0-SNAPSHOT.
The following is an excerpt of the method create in UserServiceImpl:
UserTO created = userController.createInternal(userTO);
But there is no annotation @preAuthorize at the method createInternal in UserController.
Could it be a Bug? I mean, the method createInternal can be invoked by the user without a
role "USER_CREATE". Other *internal methods in UserController potentially have
the same problem.
Hi,
thanks for reporting this: I've opened SYNCOPE-338 to track it.
Regards.
--
Francesco Chicchiriccò
ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member
http://people.apache.org/~ilgrosso/
