r3630 - trunk/pollen-ui-struts2/src/main/java/org/chorem/pollen/ui/security
Author: tchemit
Date: 2012-08-26 18:33:47 +0200 (Sun, 26 Aug 2012)
New Revision: 3630
Url: http://chorem.org/repositories/revision/pollen/3630
Log: refs #746: Improve security model (check accountId exists when in url
Modified: trunk/pollen-ui-struts2/src/main/java/org/chorem/pollen/ui/security/AbstractPollenAuthorization.java
Modified: trunk/pollen-ui-struts2/src/main/java/org/chorem/pollen/ui/security/AbstractPollenAuthorization.java
===================================================================
--- trunk/pollen-ui-struts2/src/main/java/org/chorem/pollen/ui/security/AbstractPollenAuthorization.java 2012-08-26 11:19:25 UTC (rev 3629)
+++ trunk/pollen-ui-struts2/src/main/java/org/chorem/pollen/ui/security/AbstractPollenAuthorization.java 2012-08-26 16:33:47 UTC (rev 3630)
@@ -161,8 +161,25 @@
 securityContext.setPoll(poll);
- // load user roles
- securityContext.loadUserRoles(securityService);
+ if (securityContext.isWithAccountId()) {
+
+ boolean accountExist = securityService.isAccountExist(
+ securityContext.getAccountId());
+
+ if (!accountExist) {
+
+ // bad accountId
+ errorMessage = n_("pollen.security.error.bad.accountId");
+ registerError(request, errorMessage);
+ }
+
+ }
+
+ if (errorMessage == null) {
+
+ // load user roles
+ securityContext.loadUserRoles(securityService);
+ }
 }
 if (log.isInfoEnabled()) {
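Review bot: The new gate `securityService.isAccountExist(securityContext.getAccountId())` only establishes that the accountId exists; nothing in the hunk ties it to the `poll` set just above by `securityContext.setPoll(poll)`. If `loadUserRoles` does not itself scope the account to that poll, an id issued for a different poll passes this check, so confirm that and record it next to the call, e.g. `// existence only; poll membership is enforced in loadUserRoles`. The rejection branch is also silent: a `log.warn("rejected unknown accountId for poll request")` beside `registerError(...)` would give operators a signal when ids are being guessed, and it should not print the full id, since it travels in the URL and appears to act as a credential. The enclosing block starts and ends outside the hunk, so whether a registered error actually stops the request cannot be checked from here.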