Bob Rowden (Migrated from SEC-1282) said:
Overall Spring Security is AWESOME and you guys are doing a great job!
However, I am convinced I found either a bug or Doc error in UnanimousBased AccessDecisionManager.
The API doc says "grants access if only grant votes were received" but I am certain I got it to grant access when one of the votes was an Abstention.
Or if this is not a bug, please clarify API to say
"grants access if only grant or abstained votes were received"
Thanks so much and keep up the great work!!
Spring Security Rocks!
Luke Taylor said:
Thanks. The class Javadoc is pretty clear that abstain or grant votes are required but I've clarifed the method Javadoc for the "decide" method to match.
Bob Rowden said:
Yes. Sorry I should have specified that it was the Javadoc in the "decide" method that was hurting me. Thank you for clearing it up.