Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SEC-1384: Removed check for empty authority list from DefaultWebInvocationPrivilegeEvaluator. 

The class previously rejected access if the user had no authorities. It will now allow the AccessDecisionManager to make the decision.
This commit is contained in:
Luke Taylor 2010-01-28 17:10:10 +00:00
parent 8720966d20
commit 984604b026
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
web/src/main/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluator.java
View File

@ -129,7 +129,7 @@ public class DefaultWebInvocationPrivilegeEvaluator implements WebInvocationPriv
return true;
}
if (authentication == null || authentication.getAuthorities().isEmpty()) {
if (authentication == null) {
return false;
}