12:02 p.m.
NullPointerException with Seam SecurityInterceptor
--------------------------------------------------
Key: SEAMSECURITY-127
URL: https://issues.jboss.org/browse/SEAMSECURITY-127
Project: Seam Security
Issue Type: Bug
Affects Versions: 3.0.0.Final
Reporter: Bernard Labno
Priority: Critical
If you annotate class with security binding annotation and you call method defined in
superclass i.e. toString from Object then interceptor will check if there are security
bindings defined on superclass (class declaring that method) and not on the subclass.
Test case: https://github.com/cremersstijn/seam-security-bug-SecurityInterceptor
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
11:38 p.m.
[
https://issues.jboss.org/browse/SEAMSECURITY-127?page=com.atlassian.jira....
]
Shane Bryzak reassigned SEAMSECURITY-127:
-----------------------------------------
Assignee: Shane Bryzak
NullPointerException with Seam SecurityInterceptor
--------------------------------------------------
Key: SEAMSECURITY-127
URL: https://issues.jboss.org/browse/SEAMSECURITY-127
Project: Seam Security
Issue Type: Bug
Affects Versions: 3.0.0.Final
Reporter: Bernard Labno
Assignee: Shane Bryzak
Priority: Critical
If you annotate class with security binding annotation and you call method defined in
superclass i.e. toString from Object then interceptor will check if there are security
bindings defined on superclass (class declaring that method) and not on the subclass.
Test case: https://github.com/cremersstijn/seam-security-bug-SecurityInterceptor
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
6:45 a.m.
[
https://issues.jboss.org/browse/SEAMSECURITY-127?page=com.atlassian.jira....
]
Shane Bryzak resolved SEAMSECURITY-127.
---------------------------------------
Fix Version/s: 3.1.0.Final
Resolution: Done
I've modified the SecurityInterceptor to check restrictions as follows:
1) Method restrictions are only taken into account for the method implementation only. If
a method overrides a method of a superclass, the security restrictions are *not* inherited
- each method implementation must have its own restrictions.
2) Class restrictions *are* taken into account for the entire class hierarchy. So if you
have a class Foo that extends Bar, and class Foo has a security binding @ABC and class Bar
has a security binding @DEF, then invoking a method on class Foo will require a successful
security check for both @ABC and @DEF security bindings.
NullPointerException with Seam SecurityInterceptor
--------------------------------------------------
Key: SEAMSECURITY-127
URL: https://issues.jboss.org/browse/SEAMSECURITY-127
Project: Seam Security
Issue Type: Bug
Affects Versions: 3.0.0.Final
Reporter: Bernard Labno
Assignee: Shane Bryzak
Priority: Critical
Fix For: 3.1.0.Final
If you annotate class with security binding annotation and you call method defined in
superclass i.e. toString from Object then interceptor will check if there are security
bindings defined on superclass (class declaring that method) and not on the subclass.
Test case: https://github.com/cremersstijn/seam-security-bug-SecurityInterceptor
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
4767
days inactive
4791
days old
2 comments
3 participants
participants (3)
-
Bernard Labno (Created) (JIRA) -
Shane Bryzak (Assigned) (JIRA)
-
Shane Bryzak (Resolved) (JIRA)