Skip to content

SEC-2072: <security:anonymous> no longer supports multiple authories #2296

New issue
New issue
Closed
Closed
SEC-2072: <security:anonymous> no longer supports multiple authories#2296
Assignees
rwinch
Labels
in: configAn issue in spring-security-configtype: bugA general bugtype: jiraAn issue that was migrated from JIRA
Milestone
3.2.0.M1
@spring-projects-issues

Description

@spring-projects-issues
spring-projects-issues
opened on Nov 2, 2012

Rob Winch (Migrated from SEC-2072) said:

Description from the forum:

Hi. I'm using this configuration

<security:anonymous granted-authority="ROLE_INVITADO,ROLE_PROFILE_INVITADO,ROLE_GRUPO_PUBLICO" username="invitado" />

So the guest has 3 roles. Up until spring 3.1.1.RELEASE if I did

SecurityContextHolder.getContext().getAuthentication().getAuthorities()

I got 3 authorities (as expected).

In Spring 3.1.2.RELEASE I get only one authority and it's value is

"ROLE_INVITADO,ROLE_PROFILE_INVITADO,ROLE_GRUPO_PUBLICO"

So those 3 comma separated values are not being split in 3.1.2 as they were in 3.1.1.

I'm not sure if it was originally intended to support mutiple roles separating them by comma or not. Was it? Is it now? Any othe way to set that up? Is this a bug in 3.1.2?

I don't see this change in the version changes, maybe it was an unintended consecuence of some other change.

Metadata

Metadata

Assignees

Labels

in: configAn issue in spring-security-configtype: bugA general bugtype: jiraAn issue that was migrated from JIRA

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions