Alessio Fabiani created an issue |
Issue Type: |
Bug |
---|---|
Assignee: |
Unassigned |
Created: |
19/Jun/23 2:56 PM |
Priority: |
Medium |
Reporter: |
Recenty the sprinc-security-core dependency on GeoServer has been upgraded due to a security fix as per https://github.com/geoserver/geoserver/pull/6830 The upgrade introduced some issues into the Oauth2 security filter logic mainly due to the anonymous session token, which now is correctly valorized. The filter assumes that an anoymous user is always associated to a null security context authority, which is wrong. Now an anonymous user will be associated to an AnonymousAuthortyToken, which will be also recognized by the spring-oauth2 plugin in order to perform additional checks on the oauth2 resources. A simple change into the logic checks can allow us to easily fix this behavior and benefit of the new spring security core improvement. |
Get Jira notifications on your phone! Download the Jira Cloud app for Android or iOS |
|
This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100227-sha1:8ffa416) |