From a6cd1b6066c8edceb33a8908e44acfc4dc03c93a Mon Sep 17 00:00:00 2001
From: Rob Winch <rwinch@gopivotal.com>
Date: Mon, 13 Jul 2015 23:57:14 -0500
Subject: [PATCH] SEC-3034: AclPermissionEvaluator specifies Locale.ENGLISH

---
 .../security/acls/AclPermissionEvaluator.java |  6 +++--
 .../acls/AclPermissionEvaluatorTests.java     | 24 +++++++++++++++++++
 2 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java b/acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java
index adfddd1c6a..e5185fb2df 100644
--- a/acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java
+++ b/acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java
@@ -3,6 +3,7 @@ package org.springframework.security.acls;
 import java.io.Serializable;
 import java.util.Arrays;
 import java.util.List;
+import java.util.Locale;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -121,8 +122,9 @@ public class AclPermissionEvaluator implements PermissionEvaluator {
 
             try {
                 p = permissionFactory.buildFromName(permString);
-            } catch(IllegalArgumentException notfound) {
-                p = permissionFactory.buildFromName(permString.toUpperCase());
+            }
+            catch (IllegalArgumentException notfound) {
+                p = permissionFactory.buildFromName(permString.toUpperCase(Locale.ENGLISH));
             }
 
             if (p != null) {
diff --git a/acl/src/test/java/org/springframework/security/acls/AclPermissionEvaluatorTests.java b/acl/src/test/java/org/springframework/security/acls/AclPermissionEvaluatorTests.java
index d07db14622..915c7d410e 100644
--- a/acl/src/test/java/org/springframework/security/acls/AclPermissionEvaluatorTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/AclPermissionEvaluatorTests.java
@@ -4,6 +4,8 @@ import static org.junit.Assert.assertTrue;
 import static org.mockito.Matchers.*;
 import static org.mockito.Mockito.*;
 
+import java.util.Locale;
+
 import org.junit.Test;
 import org.springframework.security.acls.model.Acl;
 import org.springframework.security.acls.model.AclService;
@@ -36,4 +38,26 @@ public class AclPermissionEvaluatorTests {
 
         assertTrue(pe.hasPermission(mock(Authentication.class), new Object(), "READ"));
     }
+
+    @Test
+    public void resolvePermissionNonEnglishLocale() {
+        Locale systemLocale = Locale.getDefault();
+        Locale.setDefault(new Locale("tr"));
+
+        AclService service = mock(AclService.class);
+        AclPermissionEvaluator pe = new AclPermissionEvaluator(service);
+        ObjectIdentity oid = mock(ObjectIdentity.class);
+        ObjectIdentityRetrievalStrategy oidStrategy = mock(ObjectIdentityRetrievalStrategy.class);
+        when(oidStrategy.getObjectIdentity(anyObject())).thenReturn(oid);
+        pe.setObjectIdentityRetrievalStrategy(oidStrategy);
+        pe.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class));
+        Acl acl = mock(Acl.class);
+
+        when(service.readAclById(any(ObjectIdentity.class), anyList())).thenReturn(acl);
+        when(acl.isGranted(anyList(), anyList(), eq(false))).thenReturn(true);
+
+        assertTrue(pe.hasPermission(mock(Authentication.class), new Object(), "write"));
+
+        Locale.setDefault(systemLocale);
+    }
 }