[ https://issues.jboss.org/browse/SEAMSECURITY-127?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Shane Bryzak resolved SEAMSECURITY-127.
---------------------------------------
Fix Version/s: 3.1.0.Final
Resolution: Done
I've modified the SecurityInterceptor to check restrictions as follows:
1) Method restrictions are taken into account for the method
implementation only. If a method overrides a method of a superclass, the
security restrictions are *not* inherited - each method implementation must
have its own restrictions.
2) Class restrictions *are* taken into account for the entire class hierarchy.
So if you have a class Foo that extends Bar, and class Foo has a security
binding @ABC and class Bar has a security binding @DEF, then invoking a method
on class Foo will require a successful security check for both @ABC and @DEF
security bindings.
> NullPointerException with Seam SecurityInterceptor
> --------------------------------------------------
>
> Key: SEAMSECURITY-127
> URL: https://issues.jboss.org/browse/SEAMSECURITY-127
> Project: Seam Security
> Issue Type: Bug
> Affects Versions: 3.0.0.Final
> Reporter: Bernard Labno
> Assignee: Shane Bryzak
> Priority: Critical
> Fix For: 3.1.0.Final
>
>
> If you annotate a class with a security binding annotation and you call a
> method defined in a superclass, i.e. toString from Object, then the
> interceptor will check if there are security bindings defined on the
> superclass (the class declaring that method) and not on the subclass.
> Test case:
> https://github.com/cremersstijn/seam-security-bug-SecurityInterceptor
_______________________________________________
seam-issues mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/seam-issues
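The two resolution rules from the comment above, sketched with plain Java reflection as an added illustration. This is not Seam Security's SecurityInterceptor code: the `Binding` marker, the `Admin` annotation and the `requiredBindings` helper are hypothetical names, and `ABC`, `DEF`, `Foo` and `Bar` are taken from the comment's own example.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.*;

public class BindingResolutionDemo {
    // Hypothetical marker standing in for a security binding meta-annotation.
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.ANNOTATION_TYPE) @interface Binding {}
    @Binding @Retention(RetentionPolicy.RUNTIME) @interface ABC {}
    @Binding @Retention(RetentionPolicy.RUNTIME) @interface DEF {}
    @Binding @Retention(RetentionPolicy.RUNTIME) @interface Admin {}

    @DEF static class Bar { @Admin public void save() {} }
    // Foo overrides save() without repeating @Admin.
    @ABC static class Foo extends Bar { @Override public void save() {} }

    static Set<String> requiredBindings(Class<?> targetClass, String methodName)
            throws NoSuchMethodException {
        Set<String> required = new TreeSet<>();
        // Rule 2: class restrictions come from the whole hierarchy, starting at
        // the target's own class rather than at the method's declaring class.
        for (Class<?> c = targetClass; c != null; c = c.getSuperclass()) {
            collect(c.getDeclaredAnnotations(), required);
        }
        // Rule 1: method restrictions come only from the implementation that
        // will actually run; an overridden superclass method is not consulted.
        Method impl = targetClass.getMethod(methodName);
        collect(impl.getDeclaredAnnotations(), required);
        return required;
    }

    static void collect(Annotation[] annotations, Set<String> out) {
        for (Annotation a : annotations) {
            if (a.annotationType().isAnnotationPresent(Binding.class)) {
                out.add(a.annotationType().getSimpleName());
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Overriding method: class bindings of Foo and Bar apply, Bar's method binding does not.
        System.out.println("Foo.save():     " + requiredBindings(Foo.class, "save"));
        // Original implementation: its own method binding plus Bar's class binding.
        System.out.println("Bar.save():     " + requiredBindings(Bar.class, "save"));
        // Method declared in Object, as in the bug report: Foo's hierarchy is still checked.
        System.out.println("Foo.toString(): " + requiredBindings(Foo.class, "toString"));
    }
}
```

Under rule 1, an override that omits a method-level binding runs without that restriction, so subclasses of secured beans are worth reviewing for overrides that dropped an annotation.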