[WW-4117] RolesInterceptor ignores disallowedRoles when allowedRoles are configured - ASF JIRA

Voters

Watch issue

Watchers

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.3.16
Component/s: Core Interceptors
Labels:
None

Flags:

Patch

Description

The isAllowed method of RolesInterceptor does not enforce the disallowedRoles when allowedRoles are configured. ex:

    
<interceptor-ref name="roles">
  <param name="allowedRoles">authenticated</param>
  <param name="disallowedRoles">restrictedUser</param>
</interceptor-ref>

With the above configuration a user with the roles "authenticated", and "restrictedUser" would be granted access.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Manage Attachments

patch.txt
19/Jun/13 16:20
9 kB
Cam Morris

Issue Links

Add Link

relates to

WW-4118 Allow RolesInterceptor to validate role names

Closed

Delete this link

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Lukasz Lenart

Reporter:: Cam Morris

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 19/Jun/13 16:04

Updated:: 08/Dec/13 17:21

Resolved:: 16/Oct/13 13:39

Agile

View on Board

RolesInterceptor ignores disallowedRoles when allowedRoles are configured

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates

Agile

Slack

Issue deployment