SEC-47: AbstractSecurityInterceptor default to reject public invocations #311
Labels
in: core
An issue in spring-security-core
type: enhancement
A general enhancement
type: jira
An issue that was migrated from JIRA
Milestone
Comments
|
Ben Alex said: See SEC-18 MethodInvocationPrivilegeEvaluator as it will need modification when this task is implemented. |
|
Ben Alex said: New rejectPublicInvocations property added. By default it is false, meaning secure objects without configuration attributes will continue to be treated as “public” or unauthorized. See JavaDocs for this property for full details. Also modified MethodInvocationPrivilegeEvaluator (SEC-18) to work with these changes. Unit tests pass. |
spring-projects-issues
added
in: core
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
and others
Ben Alex(Migrated from SEC-47) said:
AbstractSecurityInterceptor should have a new property, rejectPublicInvocations, which by default will ensure that any public / non-secure invocations are rejected. This is now possible due to the existence of anonymous authentication services in Acegi Security.
The text was updated successfully, but these errors were encountered: