SEC-2507: WebExpressionVoter - supported secured object class #2724

Closed
spring-issuemaster opened this Issue Mar 5, 2014 · 0 comments

Comments

Projects
None yet
2 participants
@spring-issuemaster

Mateusz Wenus (Migrated from SEC-2507) said:

It's probably a typo - WebExpressionVoter has the following method:

public boolean supports(Class<?> clazz) {
    return clazz.isAssignableFrom(FilterInvocation.class);
}

I think it should be:

public boolean supports(Class<?> clazz) {
    return FilterInvocation.class.isAssignableFrom(clazz);
}

because WebExpressionVoter should support subclasses of FilterInvocation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment