2 Replies Latest reply on May 9, 2009 12:02 AM by Shane Bryzak

    BUG: PermissionMetadata doesn't honor @Permission

    Vivian Steller Newbie

      Hey there,

      I think I found a little (not security critical) bug in PermissionMetadata as the method public List<String> listAllowableActions(Class targetClass) of that class doesn't return actions applied through a single @Permission(action = "..."). However, it does so for @Permission annotations wrapped in @Permissions (note the slight but important difference in the suffix -s ;) ).

      More precisely the method private synchronized void initClassActions(Class cls) of PermissionMetadata doesn't do its job well:

      Permissions p = (Permissions) cls.getAnnotation(Permissions.class);
      if (p != null)

      So it doesn't take a single @Permission into account at all.

      Shall I open a JIRA issue for that?
      At least from my findings, there is no issue yet.

      If you need more info, please let me know. Thanks!