Uploaded image for project: 'Struts 2'
  1. Struts 2
  2. WW-4118

Allow RolesInterceptor to validate role names

VotersWatch issueWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • None
    • 2.3.16
    • None
    • None
    • Patch

    Description

      Role names can be easily misconfigured resulting in security holes. However app developers typically known which roles are available in their environment. A small tweak to RolesInterceptor could make it easy for developers to have role verification. When the roles are invalid the RolesInterceptor could fail-fast, quickly bringing the issue to attention.

      Attachments

        Issue Links

        is related to

        Bug - A problem which impairs or prevents the functions of the product. WW-4117 RolesInterceptor ignores disallowedRoles when allowedRoles are configured

        • Major - Major loss of function.
        • Closed

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            lukaszlenart Lukasz Lenart
            cmorris_partnet Cam Morris
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment