SEC-2497: checkForPrincipalChanges limited to String Principal #2716
Assignees
Labels
in: web
An issue in web modules (web, webmvc)
status: duplicate
A duplicate of another issue
type: bug
A general bug
type: jira
An issue that was migrated from JIRA
Comments
|
Rob Winch said: Thanks for the report. This appears to be a duplicate of SEC-2078 in which I am waiting for feedback from the reporter. Can you please comment there to let me know if the proposal works. |
spring-projects-issues
added
in: web
|
This issue duplicates #2302 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Fabrice Marchal (Migrated from SEC-2497) said:
In AbstractPreAuthenticatedProcessingFilter,
method requiresAuthentication , Principal are assumed to be String
if (currentUser.getName().equals(principal))
should be
if (currentUser.getPrincipal().equals(principal))
The text was updated successfully, but these errors were encountered: