# HG changeset patch
# User Tom Gottfried
# Date 1475241844 -7200
# Node ID 02915a07e186c74aa1987a4927deed2fae92bcdf
# Parent f78f904460849cdeed0f0dab9a0ed2c9b12aaf42
Do not authorize everything unknown.
diff -r f78f90446084 -r 02915a07e186 src/main/java/de/intevation/lada/util/auth/HeaderAuthorization.java
--- a/src/main/java/de/intevation/lada/util/auth/HeaderAuthorization.java Fri Sep 30 15:21:55 2016 +0200
+++ b/src/main/java/de/intevation/lada/util/auth/HeaderAuthorization.java Fri Sep 30 15:24:04 2016 +0200
@@ -164,9 +164,9 @@
 return false;
 }
 Authorizer authorizer = authorizers.get(clazz);
- //This is a hack... Allows wildcard for unknown classes.
+ // Do not authorize anything unknown
 if (authorizer == null) {
- return true;
+ return false;
 }
 return authorizer.isAuthorized(data, method, userInfo, clazz);
 }
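Review bot: The deny branch at `if (authorizer == null) { return false; }` now fails closed, but it does so silently, so a data class that was only reachable through the old wildcard will start being refused with no trace of why. Consider logging the unmapped `clazz` at warning level in that branch (no logger is visible in this hunk, so this depends on what the class already has) and stating in the comment that the denial is deliberate, e.g. `// Fail closed: no Authorizer registered for clazz, so deny`. Because `authorizers.get(clazz)` looks like an exact-key lookup, every type that relied on the removed `return true` presumably needs an explicit entry in `authorizers`; that registration lies outside this hunk and is worth checking, together with any other lookup in this file that may still default to allow. The enclosing method starts before the hunk, so the earlier `return false` path and the method's callers are not visible here.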