Startsida Utforska Hjälp
Registrera dig Logga in
github
/
spring-security
spegling av https://github.com/spring-projects/spring-security
2
0
Fork 0
Filer Ärenden 0 Wiki
Bläddra i källkod

SEC-1384: Removed check for empty authority list from DefaultWebInvocationPrivilegeEvaluator.

The class previously rejected access if the user had no authorities. It will now allow the AccessDecisionManager to make the decision.
Luke Taylor 15 år sedan
förälder
8720966d20
incheckning
984604b026
1 ändrade filer med 1 tillägg och 1 borttagningar
Unifierad Vy Visa Diff Statistik
  1. 1 1
      web/src/main/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluator.java

+ 1 - 1
web/src/main/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluator.java
Visa fil 

@@ -129,7 +129,7 @@ public class DefaultWebInvocationPrivilegeEvaluator implements WebInvocationPriv
 
             return true;
 
             return true;
 
         }
 
         }
 
 
 
-        if (authentication == null || authentication.getAuthorities().isEmpty()) {
 
+        if (authentication == null) {
 
             return false;
 
             return false;
 
         }
 
         }