Announcement Announcement Module
Collapse
No announcement yet.
AffirmativeBased bug (2.0.3) Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • AffirmativeBased bug (2.0.3)

    I know that this is occurring in an older version but since I did not check the current version to see if the issue is still there I would write it here...

    It not really a bug but more like a performance issue. The loop below should terminate right away when a single deny is encounter


    Code:
    public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config)
            throws AccessDeniedException {
            Iterator iter = this.getDecisionVoters().iterator();
            int deny = 0;
    
            while (iter.hasNext()) {
                AccessDecisionVoter voter = (AccessDecisionVoter) iter.next();
                int result = voter.vote(authentication, object, config);
    
                switch (result) {
                case AccessDecisionVoter.ACCESS_GRANTED:
                    return;
    
                case AccessDecisionVoter.ACCESS_DENIED:
                    deny++;
    
                    break;
    
                default:
                    break;
                }
            }
    
            if (deny > 0) {
                throw new AccessDeniedException(messages.getMessage("AbstractAccessDecisionManager.accessDenied",
                        "Access is denied"));

    A very easy fix is this

    Code:
    while (iter.hasNext() && deny == 0) {

  • #2
    It's not a bug. Check the Javadoc. AffirmativeBase "Denies access only if there was a deny vote AND no affirmative votes".

    Breaking without checking all voters will break that contract.

    Comment


    • #3
      Makes perfect sense - my bad!

      Originally posted by Luke Taylor View Post
      It's not a bug. Check the Javadoc. AffirmativeBase "Denies access only if there was a deny vote AND no affirmative votes".


      Breaking without checking all voters will break that contract.

      Comment

      Working...
      X