From c8c37c8935a06b0f274c0825257508c5c984b0e7 Mon Sep 17 00:00:00 2001 From: Ben Alex Date: Wed, 23 May 2007 07:04:22 +0000 Subject: [PATCH] SEC-439: Do not modify the object (ie replace it with null) unless the provider is supposed to fire according to the processDomainObjectClass property. --- .../afterinvocation/AclEntryAfterInvocationProvider.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/src/main/java/org/acegisecurity/afterinvocation/AclEntryAfterInvocationProvider.java b/core/src/main/java/org/acegisecurity/afterinvocation/AclEntryAfterInvocationProvider.java index a3a2a18acd..4887600caa 100644 --- a/core/src/main/java/org/acegisecurity/afterinvocation/AclEntryAfterInvocationProvider.java +++ b/core/src/main/java/org/acegisecurity/afterinvocation/AclEntryAfterInvocationProvider.java @@ -92,7 +92,7 @@ public class AclEntryAfterInvocationProvider extends AbstractAclProvider impleme logger.debug("Return object is not applicable for this provider, skipping"); } - return null; + return returnedObject; } if (hasPermission(authentication, returnedObject)) {