Posted to dev@tomcat.apache.org by ma...@apache.org on 2006/01/02 16:46:08 UTC
svn commit: r365363 - in /tomcat/container/tc5.5.x:
catalina/src/share/org/apache/catalina/realm/RealmBase.java
webapps/docs/changelog.xml
Author: markt
Date: Mon Jan 2 07:46:04 2006
New Revision: 365363
URL: http://svn.apache.org/viewcvs?rev=365363&view=rev
Log:
Fix bug 15570. Magic role of * was interpreted as all authenticated
users rather than as all roles defined in web.xml
Ported from TC4.
Modified:
tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/RealmBase.java
tomcat/container/tc5.5.x/webapps/docs/changelog.xml
Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/RealmBase.java
URL: http://svn.apache.org/viewcvs/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/RealmBase.java?rev=365363&r1=365362&r2=365363&view=diff
==============================================================================
--- tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/RealmBase.java (original)
+++ tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/RealmBase.java Mon Jan 2 07:46:04 2006
@@ -728,12 +728,17 @@
boolean denyfromall = false;
for(int i=0; i < constraints.length; i++) {
SecurityConstraint constraint = constraints[i];
- String roles[] = constraint.findAuthRoles();
+
+ String roles[];
+ if (constraint.getAllRoles()) {
+ // * means all roles defined in web.xml
+ roles = request.getContext().findSecurityRoles();
+ } else {
+ roles = constraint.findAuthRoles();
+ }
+
if (roles == null)
roles = new String[0];
-
- if (constraint.getAllRoles() && !denyfromall)
- status = true;
if (log.isDebugEnabled())
log.debug(" Checking roles " + principal);
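Review bot: When a constraint uses `*` and the web application declares no security roles, `roles` ends up as an empty array in the new branch (either from `findSecurityRoles()` or from the `roles == null` fallback), and the code that decides what an empty role list means lies after this hunk. With the old `status = true` shortcut removed, it is worth confirming that this empty case fails closed rather than being handled like a constraint that has no auth-constraint at all. I would state the expectation at the branch, e.g. `// * with no security roles declared in web.xml yields an empty array; this must deny, not grant`, and cover it with a test. The enclosing method starts and ends outside the hunk, so this is inferred from the visible lines only.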
Modified: tomcat/container/tc5.5.x/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewcvs/tomcat/container/tc5.5.x/webapps/docs/changelog.xml?rev=365363&r1=365362&r2=365363&view=diff
==============================================================================
--- tomcat/container/tc5.5.x/webapps/docs/changelog.xml (original)
+++ tomcat/container/tc5.5.x/webapps/docs/changelog.xml Mon Jan 2 07:46:04 2006
@@ -31,11 +31,18 @@
<bug>37934</bug>: Don't ask for authentication if deny-from-all is in effect. (billbarker)
</fix>
<fix>
+ <bug>15570</bug>: auth-constraint of * was interpretted as all
+ authenticated users rather than as all roles defined in web.xml. (markt)
+ </fix>
+ <fix>
Remove leftover static logger which was used to log application level messages in
ApplicationContextFacade (remm)
</fix>
<fix>
<bug>38012</bug>: Where a CGI script sets a response code, use it. (markt)
+ </fix>
+ <fix>
+ <bug>37854</bug>: Extension-List checking was too strict. (markt)
</fix>
</changelog>
</subsection>