Uploaded image for project: 'Struts 2'
  1. Struts 2
  2. WW-4118

Allow RolesInterceptor to validate role names

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • None
    • 2.3.16
    • None
    • None
    • Patch

    Description

      Role names can be easily misconfigured resulting in security holes. However app developers typically known which roles are available in their environment. A small tweak to RolesInterceptor could make it easy for developers to have role verification. When the roles are invalid the RolesInterceptor could fail-fast, quickly bringing the issue to attention.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. WW-4117 RolesInterceptor ignores disallowedRoles when allowedRoles are configured

          • Major - Major loss of function.
          • Closed

          Activity

            People

              lukaszlenart Lukasz Lenart
              cmorris_partnet Cam Morris
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: