Home Explore Help
Register Sign In
github
/
spring-security
mirror of https://github.com/spring-projects/spring-security
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

SEC-1384: Removed check for empty authority list from DefaultWebInvocationPrivilegeEvaluator.

The class previously rejected access if the user had no authorities. It will now allow the AccessDecisionManager to make the decision.
Luke Taylor 15 years ago
parent
8720966d20
commit
984604b026
1 changed files with 1 additions and 1 deletions
Split View Show Diff Stats
  1. 1 1
      web/src/main/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluator.java

+ 1 - 1
web/src/main/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluator.java
View File 

@@ -129,7 +129,7 @@ public class DefaultWebInvocationPrivilegeEvaluator implements WebInvocationPriv
 
             return true;
 
         }
 
 
-        if (authentication == null || authentication.getAuthorities().isEmpty()) {
 
+        if (authentication == null) {
 
             return false;
 
         }