Hi Shawn,

I'm reviewing the CUtil class, and on line 421 (method
validateConstraints), there is this:

                if (VUtil.isNotNullOrEmpty(session.getRoles()))
                {
                    // now check the constraint on every rbac role activation candidate contained within session object:
                    ListIterator roleItems = session.getRoles().listIterator();

                    while (roleItems.hasNext())
                    {
                        Constraint constraint = (Constraint) roleItems.next();
                        rc = val.validate(session, constraint, currTime);

                        if (rc > 0)
                        {
                            String msg = location + " role [" + constraint.getName() + "] for user ["
                                + session.getUserId() + "] was deactivated reason code [" + rc + "]";
                            LOG.info(msg);
                            roleItems.remove();
                            session.setWarning( new ObjectFactory().createWarning( rc, msg, Warning.Type.ROLE, constraint.getName() ) );
                        }
                    }
                }


The problem is that session.getRoles() returns a List<UserRole>, and later
down we do: Constraint constraint = (Constraint) roleItems.next();

We are very likely to get a ClassCastException here.

Can you confirm that?

Thanks !
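
An added example, not part of the original message and not the project's code: the raw ListIterator in the quoted loop means the cast to Constraint is only checked at runtime, so whether it fails depends on whether the list's element type implements that interface. The Constraint, UserRole and PlainRole types below are hypothetical stand-ins used to show both outcomes.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.ListIterator;

// Hypothetical stand-in types; they are not the classes from the project under review.
public class RawIteratorCastDemo {
    interface Constraint { String getName(); }

    // Case A: the element type implements the interface, so the cast succeeds.
    static class UserRole implements Constraint {
        private final String name;
        UserRole(String name) { this.name = name; }
        public String getName() { return name; }
    }

    // Case B: an unrelated element type; the same cast fails at runtime.
    static class PlainRole { }

    // Same loop shape as the quoted code: raw ListIterator plus an explicit cast.
    @SuppressWarnings("rawtypes")
    static String castEach(List<?> roles) {
        ListIterator items = roles.listIterator();
        try {
            while (items.hasNext()) {
                // Compiles for any element type because next() returns Object here.
                Constraint c = (Constraint) items.next();
                c.getName();
            }
            return "all casts succeeded";
        } catch (ClassCastException e) {
            return "ClassCastException";
        }
    }

    public static void main(String[] args) {
        List<UserRole> implementing = new ArrayList<>();
        implementing.add(new UserRole("role1"));
        List<PlainRole> unrelated = new ArrayList<>();
        unrelated.add(new PlainRole());

        System.out.println("element implements Constraint: " + castEach(implementing));
        System.out.println("element does not implement it: " + castEach(unrelated));

        // Typed alternative: the compiler accepts this assignment only because
        // UserRole is a Constraint, so no cast and no runtime surprise.
        ListIterator<UserRole> typed = implementing.listIterator();
        Constraint checked = typed.next();
        System.out.println("typed iterator, no cast: " + checked.getName());
    }
}
```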
