ApplicationSecurityEnforcer.java, line 202, has a method (and other methods in the file) which performs security checks. However, they are not final. As a result, the security checks can be overridden in ways that bypass security checks.
(In reply to comment #0) > ApplicationSecurityEnforcer.java, line 202, has a method (and other methods > in the file) which performs security checks. However, they are not final. Would simply marking the methods with final fix this? Did you perform any kind of analysis to check if are there other methods - in other source files - involved? Patches are welcome, as usual! ;-)