SEC-2817: ObjectIdentityImpl.equals method doesn't allow comparing ObjectIdentity instances from different classes #3036

Open
@spring-projects-issues

Kenan Sevindik (Migrated from SEC-2817) said:

Inside the ObjectIdentityImpl.equals(..) method, the target arg object is expected to be of type ObjectIdentityImpl. However, we can have another implementation of the ObjectIdentity interface, and an instance of it can be passed into that equals method as well.

Let's say I create a CustomObjectIdentity class of type ObjectIdentity, have a domain object of type: x.y.Foo with id: Long(1), and create two ObjectIdentity instances representing that domain object.

  1. ObjectIdentity oid1 = new ObjectIdentityImpl(Foo.class,1L);
  2. ObjectIdentity oid2 = new CustomObjectIdentity(Foo.class,1L);

IMO, oid1.equals(oid2) should return true here. Instead of checking if the target arg object is of type ObjectIdentityImpl within the equals method, it should just check if the target object is of type ObjectIdentity and obtain the type and identifier values via getters to evaluate the equals method.
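The two equality rules discussed in the issue, side by side, as an added example that is not part of the original issue and is not Spring Security's source. The nested `ObjectIdentity` interface and the classes `GetterBasedOid`, `ClassBasedOid`, `CustomOid` and `Foo` are simplified, hypothetical stand-ins that assume only a type getter and an identifier getter.

```java
import java.io.Serializable;
import java.util.Objects;

public class OidEqualsDemo {
    // Simplified stand-in for the ObjectIdentity contract: a type name plus an identifier.
    interface ObjectIdentity {
        String getType();
        Serializable getIdentifier();
    }

    // Getter-based equality as proposed in the issue: any ObjectIdentity may match.
    static class GetterBasedOid implements ObjectIdentity {
        private final String type;
        private final Serializable id;
        GetterBasedOid(Class<?> javaType, Serializable id) { this.type = javaType.getName(); this.id = id; }
        public String getType() { return type; }
        public Serializable getIdentifier() { return id; }
        @Override public boolean equals(Object o) {
            if (!(o instanceof ObjectIdentity)) return false;
            ObjectIdentity other = (ObjectIdentity) o;
            return type.equals(other.getType()) && id.equals(other.getIdentifier());
        }
        // Hash only the getter-visible values so equal identities share a hash bucket.
        @Override public int hashCode() { return Objects.hash(type, id); }
    }

    // Class-based equality as described in the issue: other implementations never match.
    static final class ClassBasedOid extends GetterBasedOid {
        ClassBasedOid(Class<?> javaType, Serializable id) { super(javaType, id); }
        @Override public boolean equals(Object o) {
            return o instanceof ClassBasedOid && super.equals(o);
        }
    }

    // Hypothetical second implementation, standing in for CustomObjectIdentity.
    static final class CustomOid extends GetterBasedOid {
        CustomOid(Class<?> javaType, Serializable id) { super(javaType, id); }
    }

    static class Foo { }  // constructed domain class

    public static void main(String[] args) {
        ObjectIdentity strict = new ClassBasedOid(Foo.class, 1L);
        ObjectIdentity proposed = new GetterBasedOid(Foo.class, 1L);
        ObjectIdentity custom = new CustomOid(Foo.class, 1L);
        System.out.println("class-based vs custom:  " + strict.equals(custom));
        System.out.println("getter-based vs custom: " + proposed.equals(custom));
        System.out.println("custom vs class-based:  " + custom.equals(strict));
    }
}
```

Comparing the first and last printed lines shows the caveat: equality stays symmetric only when every implementation applies the getter-based rule and hashes the same two values, which matters wherever identities are used as map or cache keys.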

Labels: in: acl (an issue in spring-security-acl); type: bug (a general bug); type: jira (an issue that was migrated from JIRA)
