SEC-2488: Make the PreFilter annotation support filtering of an immutable list. #2708
Comments
|
Rob Winch said: Thank you for reporting this and creating a PR. You are right that JIRA is the place to go. See the CONTRIBUTING.md in github (which should show up as you create PRs). |
|
Rob Winch said: What makes this quite challenging is ensuring we remain passive for Collections that ArrayList does not implement. For example, a user may use the following: You might do lots of instanceof checks to determine the new argument to create. However, we still does not handle additional implementations of Collection that users might be using. This limitation might not be a big deal if we didn't already have many users leveraging the feature. Before we accept something like this, we need to verify that it is completely passive. One way might be to provide an alternative MethodSecurityExpressionHandler implementation. As I'm guessing this is going to take a while to sort out. I'm pushing the fix version back. |
|
Rob Winch said: Duplicates SEC-2083 |
spring-projects-issues
added
in: web
|
This issue duplicates #2316 |
Quinten Krijger (Migrated from SEC-2488) said:
I posted a pull request on github, but I haven't heard of it for two months, so I thought JIRA might be a better route.
I put the github pull request in here as Pull Request URL.
The text was updated successfully, but these errors were encountered: