-
Feb 10th, 2010, 08:28 PM
#11
One possible bug is the == comparison - unless the 2 objects in question implement Comparable, this will use the Java == operator, and not .equals, which may not provide correct or expected results for the #font.customer == principal.customer check.
Peter Mularien | Blog
Author, Spring Security 3 (Book) - Packt Publishing, Available in print and eBook form
SCJP 5, Oracle DBA
Any postings are my own opinion, and should not be attributed to my employer or clients.
-
Feb 10th, 2010, 09:40 PM
#12
That's a great possibility! I did make sure that the equals() was implemented properly, but I was not aware that I needed to implement Comparable. I'll check on that first thing in the morning!
Thanks for the tip!
Dave
-
Feb 11th, 2010, 09:06 AM
#13
Well, apparently it's not a problem with Comparable. Same result. After thinking about it last night, I really didn't think that would be it, though. The objects that are being compared are materialized by Hibernate. It's more likely that the same actual object instance is used in both cases. Still, it's good to know about this idiosyncrasy. Seems a strange way to implement "==", though. Is there some way of telling the expression to use .equals() ?
So, I'm still stumped and stuck. If I can't figure out a solution soon, I'll probably have to scrap all of this and hard-code all the security checks in my services. (Yuck!)
-
Feb 11th, 2010, 09:24 AM
#14
Well, I had a bit of an "ah ha" moment. The problem isn't specifically solved, but I realized that I can get around it.
In our case, we don't make use of the HTTP session. So, I did my testing again but shut down the browser between each try. Everything works as expected in this case. It's just when the browser is maintaining the session that things go awry.
Long story short, I can move forward with my own development. I'd still like to understand why this doesn't work in a session environment, though. It seems to me like there must be a subtle bug here - or we just haven't figured out what stupid, little something I've got misconfigured (greater chance of the latter being true).
Thanks for all the help! I'll keep my eyes on this thread, but I'm moving along, now.
-
Jul 2nd, 2010, 02:04 AM
#15
I am new to spring security. Did any one try to integrate it with database i want to do this. Can any one tell me from where have to start.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
Senior Member
