AccessDecisionManager does not validate the passed strategy #8646
Comments
|
@denderello I think adding a check is a good idea. Can you provide a PR ? |
|
Sure. I will try to get one ready today. Otherwise I will have it ready On Fri, Aug 9, 2013 at 11:51 AM, Christophe Coevoet <
|
fabpot
added a commit
that referenced
this issue
Aug 13, 2013
This PR was merged into the master branch. Discussion ---------- [Security] Added a check for strategies in AccessDecisionManager | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #8646 | License | MIT Commits ------- ee36380 [Security] Added a check for strategies in AccessDecisionManager
|
I think now that #8710 is merged this one can be closed, right? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Right now the AccessDecisionManager does not validate the strategy passed via the constructor. Since the SecurityBundle is not validating the strategy either, users will end up in a fatal error when they pass a strategy name that cannot be converted to a corresponding decision method (e.g. with a typo).
You can easily reproduce this with the following configuration in your security.yml:
which will produce an exception like this on a Symfony based project:
Can we add a validation check for the passed strategy during the construction of AccessDecisionManager instances? I would volunteer to create a PR for this.
The text was updated successfully, but these errors were encountered: