SEC-3128: RoleVoter supports null Authentication

Rob Winch 2015-10-29 14:04:55 -05:00
parent f232f5ef05
commit 56e41df964
2 changed files with 13 additions and 0 deletions


@ -92,6 +92,9 @@ public class RoleVoter implements AccessDecisionVoter<Object> {
}
public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
if(authentication == null) {
return ACCESS_DENIED;
}
int result = ACCESS_ABSTAIN;
Collection<? extends GrantedAuthority> authorities = extractAuthorities(authentication);
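Review bot: The null guard added at the top of `vote` returns ACCESS_DENIED before `result` is initialised to ACCESS_ABSTAIN, so a null Authentication is denied unconditionally, presumably including attribute lists on which this voter would otherwise abstain (the loop that decides that lies outside the hunk). Failing closed is the safer direction, but it changes the outcome for decision managers that combine several voters, so the intent should be recorded next to the code. I would add a comment above the guard, `// SEC-3128: fail closed - a null Authentication is denied even if this voter supports none of the attributes`, and state the same in the method's Javadoc. As a minor style point, conventional Java formatting would be `if (authentication == null) {`.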


@ -1,6 +1,7 @@
package org.springframework.security.access.vote;
import static org.junit.Assert.*;
import static org.fest.assertions.Assertions.*;
import org.junit.Test;
import org.springframework.security.access.AccessDecisionVoter;
@ -21,4 +22,13 @@ public class RoleVoterTests {
// Vote on attribute list that has two attributes A and C (i.e. only one matching)
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, voter.vote(userAB, this, SecurityConfig.createList("A","C")));
}
// SEC-3128
@Test
public void nullAuthenticationDenies() {
RoleVoter voter = new RoleVoter();
voter.setRolePrefix("");
Authentication notAuthenitcated = null;
assertThat(voter.vote(notAuthenitcated, this, SecurityConfig.createList("A"))).isEqualTo(AccessDecisionVoter.ACCESS_DENIED);
}
}
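Review bot: `nullAuthenticationDenies` exercises the guard only with the role prefix set to "" and the single attribute "A", so it does not pin what a voter with its default prefix returns for a null Authentication when no attribute carries that prefix. The guard in RoleVoter returns before any attribute is inspected, so a second assertion on an unconfigured voter would document that the unconditional deny is intended: `assertThat(new RoleVoter().vote(null, this, SecurityConfig.createList("A"))).isEqualTo(AccessDecisionVoter.ACCESS_DENIED);`. The local `notAuthenitcated` is misspelled and would read better as `notAuthenticated`. The test class begins outside the hunk.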