bug #7033: protect User class methods from unauthorized use - EDIT - EDIT Project Management

Actions

Copy link

bug #7033

open

protect User class methods from unauthorized use

Added by Andreas Kohlbecker over 5 years ago. Updated over 5 years ago.

Status:

New

Priority:

New

Assignee:

Andreas Kohlbecker

Category:

cdmlib

Target version:

Unassigned CDM tickets

Start date:

Due date:

% Done:

Estimated time:

Severity:

normal

Found in Version:

Tags:

security permission

Description

A User can potentially modify it's User data without being explicitly being authorized to do so. In order to security issue sensitive date related to the User class should be protected. The Spring annotations @Secured and @RolesAllowed could be used for this purpose

getGrantedAuthorities() should return a immutable Collection and implement a addAuthority() and removeAuthority() method which can be protected with annotations
setGroups() should return a immutable Collection implemtent addGroup and removeGroup methods
setAccountNonLocked(), setCredentialsNonExpired(), setAccountNonExpired(), setUsername() need to be protected

Actions

Copy link

Updated by Andreas Müller over 5 years ago

Assignee changed from Andreas Müller to Andreas Kohlbecker

was this on purpose given to me?

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

EDIT

Custom queries

bug #7033

protect User class methods from unauthorized use

Updated by Andreas Müller over 5 years ago