SEC-1017: #1271

spring-issuemaster opened this Issue Oct 20, 2008 · 1 comment


None yet

1 participant


Manav Chauhan (Migrated from SEC-1017) said:

I am using “” with follwoing voters

1) roleVoter
2) customVoter

and have the following constraint on a method say ‘getName’


I am logged as a User with ROLE_TWO and CUSTOM_ADMIN permission. But I get Access denied because Role Voter fails after it finds out that I do not have ROLE_ONE and does not check for ROLE_TWO instead throws Access Denied.


Luke Taylor said:

This isn’t a bug, but the documented behaviour of the UnanimousBased AccessDecisionManager (read the Javadoc for the class).

The issue has been dealt with and discussed before – search Jira for “UnanimousBased”, and please do a search before raising new issues.

@spring-issuemaster spring-issuemaster added this to the 3.0.0 M1 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment