[SEC-2507] WebExpressionVoter - supported secured object class Created: 05/Mar/14  Updated: 06/Feb/16  Resolved: 10/Mar/14

Status: Closed
Project: Spring Security
Component/s: Web
Affects Version/s: 3.2.1
Fix Version/s: 3.1.6, 3.2.2

Type: Bug Priority: Minor
Reporter: Mateusz Wenus Assignee: Rob Winch
Resolution: Complete Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


It's probably a typo - WebExpressionVoter has the following method:

public boolean supports(Class<?> clazz) {
    return clazz.isAssignableFrom(FilterInvocation.class);

I think it should be:

public boolean supports(Class<?> clazz) {
    return FilterInvocation.class.isAssignableFrom(clazz);

because WebExpressionVoter should support subclasses of FilterInvocation.

Comment by Spring Issuemaster [ 06/Feb/16 ]

This issue has been migrated to https://github.com/spring-projects/spring-security/issues/2724

Generated at Fri Jan 24 04:44:26 UTC 2020 using Jira 7.13.8#713008-sha1:1606a5c1e7006e1ab135aac81f7a9566b2dbc3a6.