Uploaded image for project: 'Struts 2'
  1. Struts 2
  2. WW-4118

Allow RolesInterceptor to validate role names

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.3.16
    • Component/s: None
    • Labels:
      None
    • Flags:
      Patch

      Description

      Role names can be easily misconfigured resulting in security holes. However app developers typically known which roles are available in their environment. A small tweak to RolesInterceptor could make it easy for developers to have role verification. When the roles are invalid the RolesInterceptor could fail-fast, quickly bringing the issue to attention.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                lukaszlenart Lukasz Lenart
                Reporter:
                cmorris_partnet Cam Morris
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: