bug #7033

protect User class methods from unauthorized use

Added by Andreas Kohlbecker about 1 year ago. Updated about 1 year ago.

Status: New
Priority: New
Category: cdmlib
Target version:
Start date: 10/23/2017
Due date:
% Done: 0%
Severity: normal
Found in Version:

Description

A User can potentially modify its User data without explicitly being authorized to do so. In order to address this security issue, sensitive data related to the User class should be protected. The Spring annotations @Secured and @RolesAllowed could be used for this purpose.

  • getGrantedAuthorities() should return an immutable Collection and implement addAuthority() and removeAuthority() methods which can be protected with annotations
  • setGroups() should return an immutable Collection and implement addGroup and removeGroup methods
  • setAccountNonLocked(), setCredentialsNonExpired(), setAccountNonExpired(), setUsername() need to be protected
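The pattern proposed in the description, as an added example that is not cdmlib code: the getter hands out a read-only view and the mutators are guarded with @Secured. It assumes Spring method security is enabled for @Secured; because that annotation is enforced by the proxy around a Spring-managed bean, the guarded methods sit on a hypothetical `UserAuthorityService`, and `ROLE_USER_MANAGER` is a hypothetical role name.

```java
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

import org.springframework.security.access.annotation.Secured;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.stereotype.Service;

// Simplified stand-in for the User class named in the ticket (not cdmlib code).
class User {
    private final Set<GrantedAuthority> grantedAuthorities = new HashSet<>();

    // Read-only view: add()/remove() on the returned set throw
    // UnsupportedOperationException, so callers cannot change authorities here.
    public Set<GrantedAuthority> getGrantedAuthorities() {
        return Collections.unmodifiableSet(grantedAuthorities);
    }

    // Package-private mutators: code outside this package has to go through
    // the secured service below.
    boolean addAuthority(GrantedAuthority authority) {
        return grantedAuthorities.add(authority);
    }

    boolean removeAuthority(GrantedAuthority authority) {
        return grantedAuthorities.remove(authority);
    }
}

// Hypothetical service bean. Calls arriving through the Spring proxy are
// rejected with AccessDeniedException unless the caller holds the role.
@Service
class UserAuthorityService {

    @Secured("ROLE_USER_MANAGER") // hypothetical role name
    public boolean addAuthority(User user, GrantedAuthority authority) {
        return user.addAuthority(authority);
    }

    @Secured("ROLE_USER_MANAGER") // hypothetical role name
    public boolean removeAuthority(User user, GrantedAuthority authority) {
        return user.removeAuthority(authority);
    }
}
```

An annotation placed directly on a method of an object created with `new` or loaded by the persistence layer is not checked by proxy-based method security, which is why the guard is on the service here.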

History

#1 Updated by Andreas Müller about 1 year ago

  • Assignee changed from Andreas Müller to Andreas Kohlbecker

Was this on purpose given to me?
