changeset 1071:02915a07e186

Do not authorize everything unknown.
author Tom Gottfried <tom@intevation.de>
date Fri, 30 Sep 2016 15:24:04 +0200
parents f78f90446084
children 703b370c3b34
files src/main/java/de/intevation/lada/util/auth/HeaderAuthorization.java
diffstat 1 files changed, 2 insertions(+), 2 deletions(-) [+]
--- a/src/main/java/de/intevation/lada/util/auth/HeaderAuthorization.java	Fri Sep 30 15:21:55 2016 +0200
+++ b/src/main/java/de/intevation/lada/util/auth/HeaderAuthorization.java	Fri Sep 30 15:24:04 2016 +0200
@@ -164,9 +164,9 @@
             return false;
         }
         Authorizer authorizer = authorizers.get(clazz);
-        //This is a hack... Allows wildcard for unknown classes.
+        // Do not authorize anything unknown
         if (authorizer == null) {
-            return true;
+            return false;
         }
         return authorizer.isAuthorized(data, method, userInfo, clazz);
     }
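Review bot: The new deny branch under `if (authorizer == null)` returns `false` without leaving any trace, so a class that was never registered in `authorizers` cannot be told apart from a genuine authorization failure. Since the old wildcard silently allowed such classes, callers that relied on it will now be rejected. If the class has a logger (none is visible in this hunk), a warning that names `clazz` before the `return false;` would make those cases easy to find. The comment could also state the policy rather than the change, e.g. `// Fail closed: a class without a registered Authorizer is never authorized.` The enclosing method starts outside the hunk, and any other `authorizers.get(...)` lookups in this file should be checked for the same null-means-allow fallback.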