Red Hat build of Apache Camel for Spring Boot / CSB-1992

spring-security ConsensusBased accessDecisionManager

    • Type: Bug
    • Resolution: Not a Bug
    • Priority: Normal
    • CSB-4.0
    • CSB-4.0, CSB-3.20.1

      As per the description, ConsensusBased policy of accessDecisionManager counts votes (grant and deny) for the user, and the final decision is based on what prevails.

      So if the user has only ADMIN role and

      <authorizationPolicy id="consensusBasedAdminPolicy" access="ROLE_ADMIN, ROLE_ADMIN1, ROLE_ADMIN2"
      

      user should be denied (1 pro, 2 against).
      But in fact, the user is granted access.

      For details see SpringSecurityITCase test of tnb-test, for the time being, branch CSB-4.x-CSB-1359.

              ldemasi Luigi De Masi
              sveres@redhat.com Stefan Veres (Inactive)
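
The behaviour reported above, as an added example that is not part of the issue or of tnb-test: Spring Security's ConsensusBased tallies one ballot per configured voter, not one per role in the `access` list, and RoleVoter grants as soon as any listed role matches. Assumptions: spring-security-core is on the classpath, the policy is backed by a single RoleVoter, and `requires` is a hypothetical helper voter written only to show the per-role tally the report expected.

```java
import java.util.Collection;
import java.util.List;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.access.vote.ConsensusBased;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;

public class ConsensusTallyDemo {

    // True when decide() returns normally, false when it throws AccessDeniedException.
    static boolean granted(ConsensusBased mgr, Authentication user, Collection<ConfigAttribute> attrs) {
        try {
            mgr.decide(user, new Object(), attrs);
            return true;
        } catch (AccessDeniedException e) {
            return false;
        }
    }

    // Hypothetical voter (not a Spring class): casts one ballot for one required role.
    static AccessDecisionVoter<Object> requires(String role) {
        return new AccessDecisionVoter<Object>() {
            @Override public boolean supports(ConfigAttribute attribute) { return true; }
            @Override public boolean supports(Class<?> clazz) { return true; }
            @Override public int vote(Authentication auth, Object secured, Collection<ConfigAttribute> attrs) {
                boolean held = auth.getAuthorities().stream().anyMatch(a -> role.equals(a.getAuthority()));
                return held ? ACCESS_GRANTED : ACCESS_DENIED;
            }
        };
    }

    public static void main(String[] args) {
        // Constructed inputs mirroring the report: the user holds only ROLE_ADMIN.
        Authentication user = new TestingAuthenticationToken("user", "n/a", "ROLE_ADMIN");
        List<ConfigAttribute> attrs = SecurityConfig.createList("ROLE_ADMIN", "ROLE_ADMIN1", "ROLE_ADMIN2");

        // Assumed configuration: a single RoleVoter. It casts ONE ballot for the whole
        // attribute list, so the tally is 1 grant and 0 deny.
        ConsensusBased oneVoter = new ConsensusBased(List.of(new RoleVoter()));
        System.out.println("single RoleVoter grants: " + granted(oneVoter, user, attrs));

        // One voter per role gives the tally the report expected: 1 grant, 2 deny.
        ConsensusBased perRole = new ConsensusBased(
                List.of(requires("ROLE_ADMIN"), requires("ROLE_ADMIN1"), requires("ROLE_ADMIN2")));
        System.out.println("per-role voters grant: " + granted(perRole, user, attrs));
    }
}
```

When every listed role must be held, a comma-separated `access` list under a single RoleVoter does not enforce that, because the list is evaluated as "any of".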