From 4d2666d5e3ead30520908102cafbf102dd504d4e Mon Sep 17 00:00:00 2001
From: HaoHuynhHawk <34651004+HaoHuynhHawk@users.noreply.github.com>
Date: Mon, 18 Dec 2017 19:53:55 +0700
Subject: [PATCH] UPdate
---
 .../webgoat/plugin/rollbased/RoleBasedAccessControl.java | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/role-based-access-control/src/main/java/org/owasp/webgoat/plugin/rollbased/RoleBasedAccessControl.java b/role-based-access-control/src/main/java/org/owasp/webgoat/plugin/rollbased/RoleBasedAccessControl.java
index 52a022ad..c256d5f7 100644
--- a/role-based-access-control/src/main/java/org/owasp/webgoat/plugin/rollbased/RoleBasedAccessControl.java
+++ b/role-based-access-control/src/main/java/org/owasp/webgoat/plugin/rollbased/RoleBasedAccessControl.java
@@ -200,6 +200,11 @@ public void handleRequest(WebSession s) {
 // Here is where dispatching to the various action handlers happens.
 // It would be a good place verify authorization to use an action.
+ public void handleRequest(WebSession s) {
+If(!isAuthorized(s, userId, requestedActionname){
+throw new UnauthorizedException();
+}
+}
 // System.out.println("RoleBasedAccessControl.handleRequest()");
 if (s.getLessonSession(this) == null) {
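Review bot: The added authorization check cannot compile as written, so it enforces nothing: it re-declares `public void handleRequest(WebSession s) {` inside the body of the method of the same name, spells the keyword as `If`, drops a closing parenthesis, and its second `}` would close the method before the existing dispatch code. The guard should be only `if (!isAuthorized(s, userId, requestedActionname)) { throw new UnauthorizedException(); }`, with no second signature and no extra closing brace. Neither `userId` nor `requestedActionname` is declared in the visible lines, so the check probably has to move below the point where the requested action is resolved, and `userId` should be taken from the authenticated session rather than from a request parameter. handleRequest's body continues outside the hunk, so confirm there that `UnauthorizedException` is caught or declared and that a denied request cannot fall through to the action handler.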