Posted to dev@tomcat.apache.org by re...@apache.org on 2021/06/01 15:06:32 UTC

[tomcat] branch main updated: Ignore duplicate roles

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new 1df0f91  Ignore duplicate roles
1df0f91 is described below

commit 1df0f9136c5f545626cd900d421adcf30fb75665
Author: remm <re...@apache.org>
AuthorDate: Tue Jun 1 17:05:31 2021 +0200

    Ignore duplicate roles
    
    Submitted by Carsten Klein.
---
 java/org/apache/catalina/realm/UserDatabaseRealm.java | 7 ++++---
 webapps/docs/changelog.xml                            | 5 +++++
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/java/org/apache/catalina/realm/UserDatabaseRealm.java b/java/org/apache/catalina/realm/UserDatabaseRealm.java
index f30c24a..09d5608 100644
--- a/java/org/apache/catalina/realm/UserDatabaseRealm.java
+++ b/java/org/apache/catalina/realm/UserDatabaseRealm.java
@@ -18,8 +18,9 @@ package org.apache.catalina.realm;
 
 import java.security.Principal;
 import java.util.ArrayList;
+import java.util.HashSet;
 import java.util.Iterator;
-import java.util.List;
+import java.util.Set;
 
 import javax.naming.Context;
 
@@ -221,7 +222,7 @@ public class UserDatabaseRealm extends RealmBase {
             return null;
         }
 
-        List<String> roles = new ArrayList<>();
+        Set<String> roles = new HashSet<>();
         Iterator<Role> uroles = user.getRoles();
         while (uroles.hasNext()) {
             Role role = uroles.next();
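Review bot: `new HashSet<>()` removes duplicate role names but also discards the order in which `user.getRoles()` supplied them (and presumably the group roles added in the lines between this hunk and the next), so the list built from it has an unspecified order. Whether GenericPrincipal reorders that list is not visible here; if any consumer of the principal's roles (audit logging, role listings, tests) expects a stable order, `Set<String> roles = new LinkedHashSet<>();` keeps both the de-duplication and the source order, with the import changed to `java.util.LinkedHashSet`. A one-line comment such as `// Set: a role held directly and through a group is recorded once` would record why a set is used. The return in the next hunk could use the diamond as this line does, `new ArrayList<>(roles)`. The enclosing method begins and ends outside this hunk.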
@@ -236,7 +237,7 @@ public class UserDatabaseRealm extends RealmBase {
                 roles.add(role.getName());
             }
         }
-        return new GenericPrincipal(username, roles,
+        return new GenericPrincipal(username, new ArrayList<String>(roles),
                 new UserDatabasePrincipal(username));
     }
 
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 05c57ff..a26cc8c 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -160,6 +160,11 @@
         AprLifecycleListener does not show dev version suffix for libtcnative
         and libapr. (michaelo)
       </fix>
+      <fix>
+        Ignore duplicates when collecting the effective roles list from Roles
+        and Groups in <code>UserDatabaseRealm.getPrincipal(String)</code>.
+        Submitted by Carsten Klein. (remm)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">
