  1. Spring Web Services
  2. SWS-1061

in memory user authorities() overrides roles()

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Security
    • Environment:
      Spring Security

      Description

       

      SecurityConfiguration extends WebSecurityConfigurerAdapter
      configure(AuthenticationManagerBuilder builder)
      inMemoryAuthentication()
          .roles(SOME_ROLE)
          .authorities(ADDITIONAL_AUTHORITIES)

       

      Calling authorities() after adding roles using roles() will override the previously added roles.

      In org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer, each call to authorities() or roles() will override previously added authorities.

      BUG FIX:

      Each additional call should ADD to the previously added authorities.
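
A check and a workaround for the behaviour reported above, as an added example that is not part of the original issue or of Spring Security's own code. It assumes spring-security-core is on the classpath and uses the `User.withUsername` builder directly rather than the in-memory configurer from the report; the user names, password, `ADMIN` and `REPORT_READ` are constructed sample values, and `merged` and `requireAuthorities` are hypothetical helpers.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Set;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;

public class RolesAndAuthoritiesExample {

    // Constructed sample values, not taken from the issue.
    static final String[] ROLES = {"ADMIN"};
    static final String[] EXTRA_AUTHORITIES = {"REPORT_READ"};

    /** Merge roles (prefixed with ROLE_, as roles() does) and plain authorities into one array. */
    static String[] merged(String[] roles, String[] authorities) {
        List<String> all = new ArrayList<>(Arrays.asList(authorities));
        for (String role : roles) {
            all.add("ROLE_" + role);
        }
        return all.toArray(new String[0]);
    }

    /** Fail fast if a user ended up without an authority the configuration intended to grant. */
    static void requireAuthorities(UserDetails user, String... expected) {
        Set<String> granted = AuthorityUtils.authorityListToSet(user.getAuthorities());
        for (String authority : expected) {
            if (!granted.contains(authority)) {
                throw new IllegalStateException(
                    user.getUsername() + " is missing " + authority + ", granted: " + granted);
            }
        }
    }

    public static void main(String[] args) {
        // Chained calls as in the report: print what actually survives on your version.
        UserDetails chained = User.withUsername("chained").password("{noop}example")
            .roles(ROLES).authorities(EXTRA_AUTHORITIES).build();
        System.out.println("chained: " + chained.getAuthorities());

        // Workaround: a single authorities() call, so nothing depends on call order.
        String[] all = merged(ROLES, EXTRA_AUTHORITIES);
        UserDetails single = User.withUsername("single").password("{noop}example")
            .authorities(all).build();
        System.out.println("single:  " + single.getAuthorities());
        requireAuthorities(single, all);
    }
}
```

Running `requireAuthorities` over every provisioned user at startup or in a configuration test turns a silently dropped role into a visible failure.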


            People

            • Assignee: Unassigned
            • Reporter: vladpaln Vadim Palnikov


                Time Tracking

                • Estimated: 0.5d
                • Remaining: 0.5d
                • Logged: Not Specified