AclAuthorizationStrategyImpl
should use RoleHierarchy
#4186
Labels
Milestone
AclAuthorizationStrategyImpl
should use RoleHierarchy
#4186
AclAuthorizationStrategyImpl does not check reachable granted authorities when checking principal's authorities to determine right
Spring Security has been configured using role hierarchies but Spring Security ACL does not consider this when evaluating a principals authorities to determine right.
Actual Behavior
From AclAuthorizationStrategyImpl .securityCheck(Acl, int) method:
Expected Behavior
The AclAuthorizationStrategyImpl .securityCheck(Acl, int) method should do something along the lines of:
Configuration
SpringACLConfig.java
...
Version
Using io.spring.platform:platform-bom:Athens-SR1 & org.springframework.boot:spring-boot-gradle-plugin:1.4.2.RELEASE
The text was updated successfully, but these errors were encountered: