Details

    • Type: Improvement
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.5
    • Security Level: Public (Public: Anyone can view)
    • Labels:
      None
    • Similar issues:
      KULRICE-12626 Improvements on binding/method security
      KULRICE-12536 Add Spring Binding Security Docs to KRAD Guide
      KULRICE-10454 Improve handling of the binding errors
      KULRICE-5830 Improve the AttachmentServlet security
      KULRICE-8819 Add ByteArrayMultipartFileEditor to registered property editors to allow file types to bind to Byte[] data types
      KULRICE-1463 The secure.* properties for workflowDocumentActions and workflowUtility are not configured on the server side
      KULRICE-12687 KRMS Agenda cannot add a proposition due to security
      KULRICE-7984 Binding prefixes (#lp, #dp, #line) not working with property replacer condition
      KULRICE-144 Improve KSB security using Acegi
    • Rice Module:
      KRAD
    • KAI Review Status:
      Not Required
    • KTI Review Status:
      Not Required
    • Code Review Status:
      Not Required
    • Include in Release Notes?:
      Yes

      Description

      To provide further security on GET requests, the methodToCalls parameter was added to @RequestAccessible in order to allow binding of parameters only if the methodToCall matched one of the listed values in the methodToCalls, unless the property is listed as one of the accessible bindings configured on the view. This default access currently takes precedence even if the methodToCall does not match one of the listed methodToCalls in the annotation, which limits the intended functionality provided by the annotation parameter.

        Activity

        Jerry Neal (Inactive) added a comment -

        Nisha,

        This is resolved now, right?

        Jerry


          People

          • Assignee:
            Nisha Gupta (Inactive)
            Reporter:
            Nisha Gupta (Inactive)
          • Votes:
            0
            Watchers:
            2
