bug #7033

open

protect User class methods from unauthorized use

Added by Andreas Kohlbecker over 5 years ago. Updated over 5 years ago.

Status: New
Priority: New
Category: cdmlib
Target version:
Start date:
Due date:
% Done: 0%
Estimated time:
Severity: normal
Found in Version:
Description

A User can potentially modify its User data without being explicitly authorized to do so. In order to avoid this security issue, sensitive data related to the User class should be protected. The Spring annotations @Secured and @RolesAllowed could be used for this purpose.

  • getGrantedAuthorities() should return an immutable Collection and implement an addAuthority() and removeAuthority() method which can be protected with annotations
  • setGroups() should return an immutable Collection and implement addGroup and removeGroup methods
  • setAccountNonLocked(), setCredentialsNonExpired(), setAccountNonExpired(), setUsername() need to be protected
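
A sketch of the pattern proposed in the description, added here as an illustration and not taken from cdmlib or written by the issue's author: the getter returns a read-only view, and the mutators are reachable only through methods annotated with @Secured. It assumes a hypothetical `UserAccountService` bean and a hypothetical role name `ROLE_USER_MANAGER`; the annotations sit on a service rather than on `User` itself because Spring's default proxy-based method security only intercepts calls on Spring-managed beans (annotating the entity directly would require AspectJ weaving).

```java
// Added illustration, not cdmlib code. UserAccountService and the role
// "ROLE_USER_MANAGER" are assumptions; only the method names come from the issue.
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

import org.springframework.security.access.annotation.Secured;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.stereotype.Service;

class User {
    private final Set<GrantedAuthority> grantedAuthorities = new HashSet<>();
    private boolean accountNonLocked = true;

    // Read-only view: add()/remove() on the returned set throw
    // UnsupportedOperationException, so the getter cannot be used to escalate.
    public Set<GrantedAuthority> getGrantedAuthorities() {
        return Collections.unmodifiableSet(grantedAuthorities);
    }

    public boolean isAccountNonLocked() {
        return accountNonLocked;
    }

    // Package-private mutators: code outside this package has to go
    // through the secured service below.
    boolean addAuthority(GrantedAuthority a) { return grantedAuthorities.add(a); }
    boolean removeAuthority(GrantedAuthority a) { return grantedAuthorities.remove(a); }
    void setAccountNonLocked(boolean nonLocked) { this.accountNonLocked = nonLocked; }
}

@Service
class UserAccountService {
    // The caller's authorities are checked by the method-security
    // interceptor before any of these bodies run.
    @Secured("ROLE_USER_MANAGER")
    public boolean addAuthority(User user, GrantedAuthority authority) {
        return user.addAuthority(authority);
    }

    @Secured("ROLE_USER_MANAGER")
    public boolean removeAuthority(User user, GrantedAuthority authority) {
        return user.removeAuthority(authority);
    }

    @Secured("ROLE_USER_MANAGER")
    public void setAccountNonLocked(User user, boolean nonLocked) {
        user.setAccountNonLocked(nonLocked);
    }
}
```

@Secured is only enforced once method security is switched on, for example with `@EnableMethodSecurity(securedEnabled = true)` (`@EnableGlobalMethodSecurity(securedEnabled = true)` on older Spring Security versions).
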
#1

Updated by Andreas Müller over 5 years ago

  • Assignee changed from Andreas Müller to Andreas Kohlbecker

Was this on purpose given to me?
