SEC-2507: WebExpressionVoter - supported secured object class #2724

spring-issuemaster opened this Issue Mar 5, 2014 · 0 comments


None yet
2 participants

Mateusz Wenus (Migrated from SEC-2507) said:

It's probably a typo - WebExpressionVoter has the following method:

public boolean supports(Class<?> clazz) {
    return clazz.isAssignableFrom(FilterInvocation.class);

I think it should be:

public boolean supports(Class<?> clazz) {
    return FilterInvocation.class.isAssignableFrom(clazz);

because WebExpressionVoter should support subclasses of FilterInvocation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment