Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Handle Empty Role 

Closes gh-13079
This commit is contained in:
Josh Cummings 2023-04-24 12:49:30 -06:00
parent e3cc8d13e8
commit 73a543d318
No known key found for this signature in database
GPG Key ID: A306A51F43B8E5A5
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
core/src/main/java/org/springframework/security/authorization/AuthorityAuthorizationManager.java
View File

@ -130,7 +130,7 @@ public final class AuthorityAuthorizationManager<T> implements AuthorizationMana
String[] result = new String[roles.length];
for (int i = 0; i < roles.length; i++) {
String role = roles[i];
Assert.isTrue(!role.startsWith(rolePrefix), () -> role + " should not start with " + rolePrefix + " since "
Assert.isTrue(rolePrefix.isEmpty() || !role.startsWith(rolePrefix), () -> role + " should not start with " + rolePrefix + " since "
+ rolePrefix
+ " is automatically prepended when using hasAnyRole. Consider using hasAnyAuthority instead.");
result[i] = rolePrefix + role;

5
core/src/test/java/org/springframework/security/authorization/AuthorityAuthorizationManagerTests.java
View File

@ -266,4 +266,9 @@ public class AuthorityAuthorizationManagerTests {
assertThat(manager.check(authentication, object).isGranted()).isTrue();
}
// gh-13079
@Test
void hasAnyRoleWhenEmptyRolePrefixThenNoException() {
AuthorityAuthorizationManager.hasAnyRole("", new String[] { "USER" });
}
}