You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by re...@apache.org on 2021/06/03 14:52:11 UTC
[tomcat] branch 10.0.x updated: Fix missing code from the original
hasRole
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.0.x by this push:
new 08e6194 Fix missing code from the original hasRole
08e6194 is described below
commit 08e619471ec708130d81ac112f1a2ed338891664
Author: remm <re...@apache.org>
AuthorDate: Thu Jun 3 16:49:52 2021 +0200
Fix missing code from the original hasRole
Otherwise groups were not considered. No idea why I removed it.
Submitted by Carsten Klein.
---
java/org/apache/catalina/realm/UserDatabaseRealm.java | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/catalina/realm/UserDatabaseRealm.java b/java/org/apache/catalina/realm/UserDatabaseRealm.java
index 714fd50..bb27099 100644
--- a/java/org/apache/catalina/realm/UserDatabaseRealm.java
+++ b/java/org/apache/catalina/realm/UserDatabaseRealm.java
@@ -273,7 +273,17 @@ public class UserDatabaseRealm extends RealmBase {
if (dbrole == null) {
return false;
}
- return user.isInRole(dbrole);
+ if (user.isInRole(dbrole)) {
+ return true;
+ }
+ Iterator<Group> groups = user.getGroups();
+ while (groups.hasNext()) {
+ Group group = groups.next();
+ if (group.isInRole(dbrole)) {
+ return true;
+ }
+ }
+ return false;
}
private Object writeReplace() {
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org