SEC-162: Properly handle null Authentication.

Ben Alex 2006-01-28 01:24:52 +00:00
parent c8c7c24822
commit 0c89822c56
1 changed files with 1 additions and 4 deletions


@ -64,9 +64,6 @@ public class MethodInvocationPrivilegeEvaluator implements InitializingBean {
} }
public boolean isAllowed(MethodInvocation mi, Authentication authentication) { public boolean isAllowed(MethodInvocation mi, Authentication authentication) {
Assert.notNull(authentication, "Authentication required");
Assert.notNull(authentication.getAuthorities(),
"Authentication must provided non-null GrantedAuthority[]s");
Assert.notNull(mi, "MethodInvocation required"); Assert.notNull(mi, "MethodInvocation required");
Assert.notNull(mi.getMethod(), Assert.notNull(mi.getMethod(),
"MethodInvocation must provide a non-null getMethod()"); "MethodInvocation must provide a non-null getMethod()");
@ -82,7 +79,7 @@ public class MethodInvocationPrivilegeEvaluator implements InitializingBean {
return true; return true;
} }
if (authentication == null) { if (authentication == null || authentication.getAuthorities() == null || authentication.getAuthorities().length == 0) {
return false; return false;
} }
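Review bot: With the `Assert.notNull(authentication, ...)` guard removed, a null `Authentication` is only denied at the widened `if` in the second hunk, which sits after the `return true;` path just above it, so a null caller can still receive `true` from that earlier branch. That is presumably intended for invocations with no configured attributes, but the branch condition lies outside the hunk, so it should be confirmed and stated in the method's Javadoc along with the fact that `authentication` may now be null. I would add a comment above the check such as `// Fail closed: no Authentication or no authorities means the invocation is not allowed`. The condition also calls `getAuthorities()` twice; reading it once into a local after the null test would keep the null check and the length check on the same array.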