2 Replies Latest reply on May 9, 2009 12:02 AM by Shane Bryzak

    BUG: PermissionMetadata doesn't honor @Permission

    Vivian Steller Newbie

      Hey there,


      I think I found a little (not security critical) bug in PermissionMetadata as the method public List<String> listAllowableActions(Class targetClass) of that class doesn't return actions applied through a single @Permission(action = "..."). However, it does so for @Permission annotations wrapped in @Permissions (note the slight but important difference in the suffix -s ;) ).


      More precisely the method private synchronized void initClassActions(Class cls) of PermissionMetadata doesn't do its job well:


      ...
      Permissions p = (Permissions) cls.getAnnotation(Permissions.class);
      if (p != null)
      {
      ...
      }
      
      return...
      



      So it doesn't take a single @Permission into account at all.


      Shall I open a JIRA issue for that?
      At least from my findings, there is no issue yet.


      If you need more info, please let me know. Thanks!