SEC-31: Consider returning a Vote object in AccessDecisionVoter interface #296
Labels
in: core
An issue in spring-security-core
status: declined
A suggestion or change that we don't feel we should currently apply
type: enhancement
A general enhancement
type: jira
An issue that was migrated from JIRA
Milestone
Comments
|
Ben Alex said: Creating an AccessDeniedException is the responsibility of the AccessDecisionManager, not the AccessDecisionVoter. A complicating factor is if multiple votes to grant and deny are received concurrently – what should the exception message comprise? A solution might be to develop an AccessDecisionManager that can accept a list of AccessDecisionVoters, together with a message code (for lookup from a resource bundle) that is used in the event of a vote to deny access. The deny access votes could then be concatenated into the exception text. This approach avoids the need to break backward compatibility by modifying the existing integer-based voting mechanism. |
spring-projects-issues
added
in: core
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
and others
Ben Alex(Migrated from SEC-31) said:
As per Keith’s suggestion, consider returning a Vote object instead of ints, such that a reason for a decline vote can be given for UI display.
The text was updated successfully, but these errors were encountered: