bug #7033
protect User class methods from unauthorized use
Status: New
Priority: New
Assignee:
Category: cdmlib
Target version:
Start date:
Due date:
% Done: 0%
Estimated time:
Severity: normal
Found in Version:
Description
A User can potentially modify its User data without being explicitly authorized to do so. In order to address this security issue, sensitive data related to the User class should be protected. The Spring annotations @Secured and @RolesAllowed could be used for this purpose.
- getGrantedAuthorities() should return an immutable Collection and implement an addAuthority() and removeAuthority() method which can be protected with annotations
- setGroups() should return an immutable Collection and implement addGroup and removeGroup methods
- setAccountNonLocked(), setCredentialsNonExpired(), setAccountNonExpired(), setUsername() need to be protected
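
A sketch of the pattern described above, added here as an example and not taken from cdmlib: the getter hands out a read-only view, and the mutators are reachable only through `@Secured` methods. `Account`, `AccountAdminService` and the role name are hypothetical. It assumes Spring's default proxy-based method security, which intercepts calls on Spring-managed beans only, so the annotated methods sit on a service and not on the entity itself.

```java
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.stereotype.Service;

// Hypothetical, simplified entity (not cdmlib's User class).
class Account {
    private final Set<GrantedAuthority> authorities = new HashSet<>();
    private boolean accountNonLocked = true;

    // Read-only view: add()/remove() on the result throw UnsupportedOperationException.
    public Set<GrantedAuthority> getGrantedAuthorities() {
        return Collections.unmodifiableSet(authorities);
    }

    public boolean isAccountNonLocked() { return accountNonLocked; }

    // Package-private mutators: code outside this package has to go through
    // the secured service below.
    boolean addAuthority(GrantedAuthority authority) { return authorities.add(authority); }
    boolean removeAuthority(GrantedAuthority authority) { return authorities.remove(authority); }
    void setAccountNonLocked(boolean nonLocked) { this.accountNonLocked = nonLocked; }
}

// Spring-managed bean in the same package as Account. @Secured is enforced only
// when method security is enabled with securedEnabled = true and the call
// arrives through the Spring proxy (not via a self-call inside this class).
@Service
public class AccountAdminService {
    // "ROLE_USER_MANAGER" is a placeholder role name for this example.
    @Secured("ROLE_USER_MANAGER")
    public boolean grant(Account account, GrantedAuthority authority) {
        return account.addAuthority(authority);
    }

    @Secured("ROLE_USER_MANAGER")
    public boolean revoke(Account account, GrantedAuthority authority) {
        return account.removeAuthority(authority);
    }

    @Secured("ROLE_USER_MANAGER")
    public void setLocked(Account account, boolean locked) {
        account.setAccountNonLocked(!locked);
    }
}
```

A caller without the role gets an `AccessDeniedException` from the service, and an attempt to bypass it with `account.getGrantedAuthorities().add(...)` fails with `UnsupportedOperationException`.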
Updated by Andreas Müller over 5 years ago
- Assignee changed from Andreas Müller to Andreas Kohlbecker
Was this given to me on purpose?