Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1017: org.springframework.security.vote.UnanimousBased #1271

spring-issuemaster opened this Issue Oct 20, 2008 · 1 comment


None yet
1 participant

Manav Chauhan(Migrated from SEC-1017) said:

I am using “org.springframework.security.vote.UnanimousBased” with follwoing voters

1) roleVoter
2) customVoter

and have the following constraint on a method say ‘getName’


I am logged as a User with ROLE_TWO and CUSTOM_ADMIN permission. But I get Access denied because Role Voter fails after it finds out that I do not have ROLE_ONE and does not check for ROLE_TWO instead throws Access Denied.

Luke Taylor said:

This isn’t a bug, but the documented behaviour of the UnanimousBased AccessDecisionManager (read the Javadoc for the class).

The issue has been dealt with and discussed before – search Jira for “UnanimousBased”, and please do a search before raising new issues.

@spring-issuemaster spring-issuemaster added this to the 3.0.0 M1 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment