[SEC-2507] WebExpressionVoter - supported secured object class Created: 05/Mar/14  Updated: 06/Feb/16  Resolved: 10/Mar/14

Status: Closed
Project: Spring Security
Component/s: Web
Affects Version/s: 3.2.1
Fix Version/s: 3.1.6, 3.2.2

Type: Bug Priority: Minor
Reporter: Mateusz Wenus Assignee: Rob Winch
Resolution: Complete Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


It's probably a typo - WebExpressionVoter has the following method:

public boolean supports(Class<?> clazz) {
    return clazz.isAssignableFrom(FilterInvocation.class);

I think it should be:

public boolean supports(Class<?> clazz) {
    return FilterInvocation.class.isAssignableFrom(clazz);

because WebExpressionVoter should support subclasses of FilterInvocation.

Comment by Spring Issuemaster [ 06/Feb/16 ]

This issue has been migrated to https://github.com/spring-projects/spring-security/issues/2724

Generated at Fri Aug 14 14:34:36 UTC 2020 using Jira 8.5.4#805004-sha1:0444eab799707f9ad7b248d69f858774aadfd250.