[Lada-commits] [PATCH 2 of 3] Do not authorize everything unknown
Wald Commits
scm-commit at wald.intevation.org
Fri Sep 30 15:29:24 CEST 2016
# HG changeset patch
# User Tom Gottfried <tom at intevation.de>
# Date 1475241844 -7200
# Node ID 02915a07e186c74aa1987a4927deed2fae92bcdf
# Parent f78f904460849cdeed0f0dab9a0ed2c9b12aaf42
Do not authorize everything unknown.
diff -r f78f90446084 -r 02915a07e186 src/main/java/de/intevation/lada/util/auth/HeaderAuthorization.java
--- a/src/main/java/de/intevation/lada/util/auth/HeaderAuthorization.java Fri Sep 30 15:21:55 2016 +0200
+++ b/src/main/java/de/intevation/lada/util/auth/HeaderAuthorization.java Fri Sep 30 15:24:04 2016 +0200
@@ -164,9 +164,9 @@
return false;
}
Authorizer authorizer = authorizers.get(clazz);
- //This is a hack... Allows wildcard for unknown classes.
+ // Do not authorize anything unknown
if (authorizer == null) {
- return true;
+ return false;
}
return authorizer.isAuthorized(data, method, userInfo, clazz);
}
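Review bot: The new fail-closed branch at `if (authorizer == null)` denies silently, so a class that was never registered in `authorizers` now returns the same bare `false` as a genuine permission failure. Because the old wildcard may have been hiding missing registrations, I would add a warn-level log entry naming `clazz` just before `return false;`, and expand the comment to something like `// Fail closed: no Authorizer registered for this class, so deny.`. The enclosing method begins above the hunk, and any other lookups into `authorizers` in this class are not visible here; it is worth confirming that they also default to deny.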