SEC-1540: Namespace improperly handles method attribute when populating ChannelProcessingFilter.securityMetadataSource #1782

Closed
spring-issuemaster opened this Issue Aug 16, 2010 · 2 comments

1 participant

@spring-issuemaster

Rob Winch (Migrated from SEC-1540) said:

The namespace improperly handles the method attribute when populating ChannelProcessingFilter.securityMetadataSource. The problems differ between 3.0.x and 3.1.x. For 3.0.x the issue is that the method is ignored. The issue for 3.1.x is that if the path is /** the method is ignored. I have attached a patch with tests and a fix for both master and 3.0.x. Note that I included a test for 3.1.x that actually works but was broke in 3.0.x in order to ensure it continues to work. While it might be wise to refactor to reuse the logic in creating the securityMetadataSource, I did not do so to limit the scope of this change.

PS: I did not look at 2.x to see if it needed corrections.

@spring-issuemaster

Luke Taylor said:

Thanks a lot Rob. I've applied your patches

@spring-issuemaster

Rob Winch said:

No problem at all.

PS: Keep up the good work on Spring Security :)

@spring-issuemaster spring-issuemaster added this to the 3.1.0.M1 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment