SEC-1282: Possible Bug - UnanimousBased Incorrectly Grants When One Of The Votes Is An Absension #1531

Closed
spring-issuemaster opened this Issue Oct 30, 2009 · 2 comments

1 participant

@spring-issuemaster

Bob Rowden (Migrated from SEC-1282) said:

Overall Spring Security is AWESOME and you guys are doing a great job!

However, I am convinced I found either a bug or Doc error in UnanimousBased AccessDecisionManager.

The API doc says "grants access if only grant votes were received" but I am certain I got it to grant access when one of the votes was an Abstention.

Or if this is not a bug, please clarify API to say
"grants access if only grant or abstained votes were received"

Thanks so much and keep up the great work!!
Spring Security Rocks!

@spring-issuemaster

Luke Taylor said:

Thanks. The class Javadoc is pretty clear that abstain or grant votes are required but I've clarifed the method Javadoc for the "decide" method to match.

@spring-issuemaster

Bob Rowden said:

Yes. Sorry I should have specified that it was the Javadoc in the "decide" method that was hurting me. Thank you for clearing it up.
--Bob

@spring-issuemaster spring-issuemaster added this to the 3.0.0.RC2 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment