[seam-issues] [JBoss JIRA] (SEAMSECURITY-127) NullPointerException with Seam SecurityInterceptor

Shane Bryzak (Resolved) (JIRA) jira-events at lists.jboss.org
Thu Dec 8 07:45:40 EST 2011 

     [ https://issues.jboss.org/browse/SEAMSECURITY-127?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Shane Bryzak resolved SEAMSECURITY-127.
---------------------------------------

    Fix Version/s: 3.1.0.Final
       Resolution: Done


I've modified the SecurityInterceptor to check restrictions as follows:

1) Method restrictions are only taken into account for the method implementation only.  If a method overrides a method of a superclass, the security restrictions are *not* inherited - each method implementation must have its own restrictions.

2) Class restrictions *are* taken into account for the entire class hierarchy.  So if you have a class Foo that extends Bar, and class Foo has a security binding @ABC and class Bar has a security binding @DEF, then invoking a method on class Foo will require a successful security check for both @ABC and @DEF security bindings.
                
> NullPointerException with Seam SecurityInterceptor
> --------------------------------------------------
>
>                 Key: SEAMSECURITY-127
>                 URL: https://issues.jboss.org/browse/SEAMSECURITY-127
>             Project: Seam Security
>          Issue Type: Bug
>    Affects Versions: 3.0.0.Final
>            Reporter: Bernard Labno
>            Assignee: Shane Bryzak
>            Priority: Critical
>             Fix For: 3.1.0.Final
>
>
> If you annotate class with security binding annotation and you call method defined in superclass i.e. toString from Object then interceptor will check if there are security bindings defined on superclass (class declaring that method) and not on the subclass.
> Test case: https://github.com/cremersstijn/seam-security-bug-SecurityInterceptor 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the seam-issues mailing list