# HG changeset patch
# User Raimund Renkert <raimund.renkert@intevation.de>
# Date 1488287031 -3600
# Node ID a0da035cc8317f882767dc34ac582a73ec4f175c
# Parent  1bf808b6740369f7067fcd32bf0065b14489868a
Do not allow access to unknow classes.

diff -r 1bf808b67403 -r a0da035cc831 src/main/java/de/intevation/lada/util/auth/HeaderAuthorization.java
--- a/src/main/java/de/intevation/lada/util/auth/HeaderAuthorization.java	Tue Feb 28 09:47:54 2017 +0100
+++ b/src/main/java/de/intevation/lada/util/auth/HeaderAuthorization.java	Tue Feb 28 14:03:51 2017 +0100
@@ -137,9 +137,8 @@
             return data;
         }
         Authorizer authorizer = authorizers.get(clazz);
-        //This is a hack... Allows wildcard for unknown classes.
         if (authorizer == null) {
-            return data;
+            return new Response(false, 699, null);
         }
         return authorizer.filter(data, userInfo, clazz);
     }
@@ -244,7 +243,7 @@
         Authorizer authorizer = authorizers.get(clazz);
         //This is a hack... Allows wildcard for unknown classes.
         if (authorizer == null) {
-            return true;
+            return false;
         }
         return authorizer.isAuthorized(data, RequestMethod.GET, userInfo, clazz);
     }
@@ -263,9 +262,8 @@
         Class<T> clazz
     ) {
         Authorizer authorizer = authorizers.get(clazz);
-        //This is a hack... Allows wildcard for unknown classes.
         if (authorizer == null) {
-            return true;
+            return false;
         }
         return authorizer.isAuthorized(data, RequestMethod.POST, userInfo, clazz);
     }