-
-
Notifications
You must be signed in to change notification settings - Fork 9.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AccessDecisionManager does not validate the passed strategy #8646
Comments
@denderello I think adding a check is a good idea. Can you provide a PR ? |
Sure. I will try to get one ready today. Otherwise I will have it ready On Fri, Aug 9, 2013 at 11:51 AM, Christophe Coevoet <
|
This PR was merged into the master branch. Discussion ---------- [Security] Added a check for strategies in AccessDecisionManager | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #8646 | License | MIT Commits ------- ee36380 [Security] Added a check for strategies in AccessDecisionManager
I think now that #8710 is merged this one can be closed, right? |
Right now the AccessDecisionManager does not validate the strategy passed via the constructor. Since the SecurityBundle is not validating the strategy either, users will end up in a fatal error when they pass a strategy name that cannot be converted to a corresponding decision method (e.g. with a typo).
You can easily reproduce this with the following configuration in your security.yml:
which will produce an exception like this on a Symfony based project:
Can we add a validation check for the passed strategy during the construction of AccessDecisionManager instances? I would volunteer to create a PR for this.
The text was updated successfully, but these errors were encountered: