Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1540: Namespace improperly handles method attribute when populating ChannelProcessingFilter.securityMetadataSource #1782

spring-issuemaster opened this Issue Aug 16, 2010 · 2 comments


None yet
1 participant

Rob Winch (Migrated from SEC-1540) said:

The namespace improperly handles the method attribute when populating ChannelProcessingFilter.securityMetadataSource. The problems differ between 3.0.x and 3.1.x. For 3.0.x the issue is that the method is ignored. The issue for 3.1.x is that if the path is /** the method is ignored. I have attached a patch with tests and a fix for both master and 3.0.x. Note that I included a test for 3.1.x that actually works but was broke in 3.0.x in order to ensure it continues to work. While it might be wise to refactor to reuse the logic in creating the securityMetadataSource, I did not do so to limit the scope of this change.

PS: I did not look at 2.x to see if it needed corrections.

Luke Taylor said:

Thanks a lot Rob. I've applied your patches

Rob Winch said:

No problem at all.

PS: Keep up the good work on Spring Security :)

@spring-issuemaster spring-issuemaster added this to the 3.1.0.M1 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment