Posted to dev@tomcat.apache.org by re...@apache.org on 2021/06/01 15:06:32 UTC
[tomcat] branch main updated: Ignore duplicate roles
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 1df0f91 Ignore duplicate roles
1df0f91 is described below
commit 1df0f9136c5f545626cd900d421adcf30fb75665
Author: remm <re...@apache.org>
AuthorDate: Tue Jun 1 17:05:31 2021 +0200
Ignore duplicate roles
Submitted by Carsten Klein.
---
java/org/apache/catalina/realm/UserDatabaseRealm.java | 7 ++++---
webapps/docs/changelog.xml | 5 +++++
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/java/org/apache/catalina/realm/UserDatabaseRealm.java b/java/org/apache/catalina/realm/UserDatabaseRealm.java
index f30c24a..09d5608 100644
--- a/java/org/apache/catalina/realm/UserDatabaseRealm.java
+++ b/java/org/apache/catalina/realm/UserDatabaseRealm.java
@@ -18,8 +18,9 @@ package org.apache.catalina.realm;
import java.security.Principal;
import java.util.ArrayList;
+import java.util.HashSet;
import java.util.Iterator;
-import java.util.List;
+import java.util.Set;
import javax.naming.Context;
@@ -221,7 +222,7 @@ public class UserDatabaseRealm extends RealmBase {
return null;
}
- List<String> roles = new ArrayList<>();
+ Set<String> roles = new HashSet<>();
Iterator<Role> uroles = user.getRoles();
while (uroles.hasNext()) {
Role role = uroles.next();
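Review bot: Switching `roles` to a `HashSet` drops the insertion order the old `ArrayList` kept, so the role list handed to `GenericPrincipal` now comes out in hash order. If anything downstream logs or compares that list (not visible in this hunk), `Set<String> roles = new LinkedHashSet<>();` keeps both the de-duplication and a stable order, with the added import changed to match. De-duplication is by exact string equality, so role names that differ only in case stay separate entries; a short comment such as `// Set: a role held directly and via a group is added once` would record the intent. The enclosing method starts and ends outside this hunk.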
@@ -236,7 +237,7 @@ public class UserDatabaseRealm extends RealmBase {
roles.add(role.getName());
}
}
- return new GenericPrincipal(username, roles,
+ return new GenericPrincipal(username, new ArrayList<String>(roles),
new UserDatabasePrincipal(username));
}
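Review bot: `new ArrayList<String>(roles)` spells out the type argument while the same commit uses the diamond in `new HashSet<>()`; `new ArrayList<>(roles)` is consistent and infers the same type. The copy appears to exist only because this `GenericPrincipal` constructor takes a `List<String>` (inferred from the removed line), which deserves a brief comment like `// GenericPrincipal expects a List; copy the de-duplicated set`. The method body begins outside this hunk.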
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 05c57ff..a26cc8c 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -160,6 +160,11 @@
AprLifecycleListener does not show dev version suffix for libtcnative
and libapr. (michaelo)
</fix>
+ <fix>
+ Ignore duplicates when collecting the effective roles list from Roles
+ and Groups in <code>UserDatabaseRealm.getPrincipal(String)</code>.
+ Submitted by Carsten Klein. (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">