You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2018/02/06 11:38:09 UTC
svn commit: r1823306 - in /tomcat/trunk:
java/org/apache/catalina/realm/RealmBase.java webapps/docs/changelog.xml
Author: markt
Date: Tue Feb 6 11:38:09 2018
New Revision: 1823306
URL: http://svn.apache.org/viewvc?rev=1823306&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62067
Correctly apply security constraints mapped to the context root using a
URL pattern of ""
Modified:
tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java?rev=1823306&r1=1823305&r2=1823306&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java Tue Feb 6 11:38:09 2018
@@ -546,9 +546,9 @@ public abstract class RealmBase extends
// Check each defined security constraint
String uri = request.getRequestPathMB().toString();
- // Bug47080 - in rare cases this may be null
+ // Bug47080 - in rare cases this may be null or ""
// Mapper treats as '/' do the same to prevent NPE
- if (uri == null) {
+ if (uri == null || uri.length() == 0) {
uri = "/";
}
@@ -580,7 +580,8 @@ public abstract class RealmBase extends
}
for(int k=0; k < patterns.length; k++) {
- if(uri.equals(patterns[k])) {
+ // Exact match including special case for the context root.
+ if(uri.equals(patterns[k]) || patterns[k].length() == 0 && uri.equals("/")) {
found = true;
if(collection[j].findMethod(method)) {
if(results == null) {
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1823306&r1=1823305&r2=1823306&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Tue Feb 6 11:38:09 2018
@@ -91,6 +91,10 @@
When using Tomcat embedded, only perform Authenticator configuration
once during web application start. (markt)
</fix>
+ <fix>
+ <bug>62067</bug>: Correctly apply security constraints mapped to the
+ context root using a URL pattern of <code>""</code>. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org