Posted to dev@tomcat.apache.org by ma...@apache.org on 2008/07/30 19:49:51 UTC

svn commit: r681143 - in /tomcat: container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/RealmBase.java container/tc5.5.x/webapps/docs/changelog.xml current/tc5.5.x/STATUS.txt

Author: markt
Date: Wed Jul 30 10:49:50 2008
New Revision: 681143

URL: http://svn.apache.org/viewvc?rev=681143&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=44529
No roles (deny all) trumps no auth-constraint (allow all)
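
The precedence rule this commit establishes, shown as an added model of the role-check loop in RealmBase.hasResourcePermission with the pre-fix and post-fix variants side by side. This is example code written for this note, not Tomcat's own; the Constraint class, the userRoles set (null standing in for an unauthenticated principal) and the allowAll/denyAll/requiring helpers are assumptions that replace SecurityConstraint, Principal and hasRole, and the allRolesMode fallback that the second hunk guards is left out because the model has no such mode.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/**
 * Constructed model of the constraint loop in Tomcat 5.5.x
 * RealmBase.hasResourcePermission. Not Tomcat code: it keeps only the
 * three cases the r681143 diff touches, so the effect of the fix can be
 * seen on a constraint list built in main().
 */
public class ConstraintPrecedence {

    /** Hypothetical stand-in for org.apache.catalina.deploy.SecurityConstraint. */
    static final class Constraint {
        final boolean authConstraint; // an <auth-constraint> element is present
        final boolean allRoles;       // it names <role-name>*</role-name>
        final String[] roles;         // the <role-name>s it lists

        Constraint(boolean authConstraint, boolean allRoles, String... roles) {
            this.authConstraint = authConstraint;
            this.allRoles = allRoles;
            this.roles = roles;
        }

        static Constraint allowAll() { return new Constraint(false, false); }   // no auth-constraint
        static Constraint denyAll()  { return new Constraint(true, false); }    // empty auth-constraint
        static Constraint requiring(String... r) { return new Constraint(true, false, r); }
    }

    /** Pre-r681143 logic: an allow-all constraint returns at once. */
    static boolean beforeFix(List<Constraint> constraints, Set<String> userRoles) {
        boolean status = false;
        boolean denyfromall = false;
        for (Constraint c : constraints) {
            if (c.roles.length == 0 && !c.allRoles) {
                if (c.authConstraint) {
                    status = false;      // no listed roles: no access at all
                    denyfromall = true;
                } else {
                    return true;         // short-circuits past any deny-all that follows
                }
            } else if (userRoles == null) {
                status = false;
            } else if (!denyfromall) {
                for (String r : c.roles) {
                    if (userRoles.contains(r)) status = true;
                }
            }
        }
        return status;
    }

    /** Post-r681143 logic: deny-all is final wherever it sits in the list. */
    static boolean afterFix(List<Constraint> constraints, Set<String> userRoles) {
        boolean status = false;
        boolean denyfromall = false;
        for (Constraint c : constraints) {
            if (c.roles.length == 0 && !c.allRoles) {
                if (c.authConstraint) {
                    status = false;      // resets anything an earlier allow-all granted
                    denyfromall = true;
                    break;               // nothing later can re-grant
                } else {
                    status = true;       // keep looping so a later deny-all still wins
                }
            } else if (userRoles == null) {
                // unauthenticated: status keeps its current value (false unless
                // an allow-all constraint set it)
            } else {
                for (String r : c.roles) {
                    if (userRoles.contains(r)) status = true;
                }
            }
        }
        return status;
    }

    public static void main(String[] args) {
        // Constructed scenario: two constraints map the same URL pattern, one
        // with no auth-constraint and one with an empty auth-constraint.
        Set<String> alice = new HashSet<>(Arrays.asList("manager"));
        List<Constraint> allowFirst = Arrays.asList(Constraint.allowAll(), Constraint.denyAll());
        List<Constraint> denyFirst  = Arrays.asList(Constraint.denyAll(), Constraint.allowAll());
        List<Constraint> roleUnion  = Arrays.asList(Constraint.requiring("admin"), Constraint.requiring("manager"));

        System.out.println("allow-all first, before fix: " + beforeFix(allowFirst, alice));
        System.out.println("allow-all first, after fix:  " + afterFix(allowFirst, alice));
        System.out.println("deny-all first,  before fix: " + beforeFix(denyFirst, alice));
        System.out.println("deny-all first,  after fix:  " + afterFix(denyFirst, alice));
        System.out.println("role union,      after fix:  " + afterFix(roleUnion, alice));
        System.out.println("role union, unauthenticated: " + afterFix(roleUnion, null));
    }
}
```

In the pre-fix loop the allow-all branch's early return means the empty auth-constraint is overridden in either order; in the post-fix loop the break makes the denial final, while constraints that list roles still combine as a union, so a user holding any one of the listed roles is admitted.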

Modified:
    tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/RealmBase.java
    tomcat/container/tc5.5.x/webapps/docs/changelog.xml
    tomcat/current/tc5.5.x/STATUS.txt

Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/RealmBase.java
URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/RealmBase.java?rev=681143&r1=681142&r2=681143&view=diff
==============================================================================
--- tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/RealmBase.java (original)
+++ tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/RealmBase.java Wed Jul 30 10:49:50 2008
@@ -774,17 +774,16 @@
                         log.debug("No roles ");
                     status = false; // No listed roles means no access at all
                     denyfromall = true;
+                    break;
                 } else {
                     if(log.isDebugEnabled())
                         log.debug("Passing all access");
-                    return (true);
+                    status = true;
                 }
             } else if (principal == null) {
                 if (log.isDebugEnabled())
                     log.debug("  No user authenticated, cannot grant access");
-                status = false;
-            } else if(!denyfromall) {
-
+            } else {
                 for (int j = 0; j < roles.length; j++) {
                     if (hasRole(principal, roles[j]))
                         status = true;
@@ -794,7 +793,8 @@
             }
         }
 
-        if (allRolesMode != AllRolesMode.STRICT_MODE && !status && principal != null) {
+        if (!denyfromall && allRolesMode != AllRolesMode.STRICT_MODE &&
+                !status && principal != null) {
             if (log.isDebugEnabled()) {
                 log.debug("Checking for all roles mode: " + allRolesMode);
             }
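Review bot: the added `!denyfromall` guard is the part of the fix that matters for the non-STRICT all-roles modes, and should get its own regression test: after the deny-all branch sets status to false and denyfromall to true, the original condition `!status && principal != null` is exactly satisfied for any authenticated user, so the all-roles-mode check would have re-granted the access the empty auth-constraint had just refused. A test using only the default strict mode would pass with the first hunk alone and never exercise this line, so cover an empty <auth-constraint/> combined with a non-strict allRolesMode.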

Modified: tomcat/container/tc5.5.x/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/webapps/docs/changelog.xml?rev=681143&r1=681142&r2=681143&view=diff
==============================================================================
--- tomcat/container/tc5.5.x/webapps/docs/changelog.xml (original)
+++ tomcat/container/tc5.5.x/webapps/docs/changelog.xml Wed Jul 30 10:49:50 2008
@@ -50,6 +50,10 @@
         requested. Patch provided by Charles R Caldarale. (markt)
       </fix>
       <fix>
+        <bug>44529</bug>: No roles specified (deny all) should take precedence
+        over no auth-constraint specified (allow-all). (markt)
+      </fix> 
+      <fix>
         <bug>44673</bug>: Throw IOE if ServletInputStream is closed and a call
         is made to any read(), ready(), mark(), reset(), or skip() method as per
         javadocs for Reader. (markt)
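Review bot: the closing `</fix> ` line of the new entry carries trailing whitespace; drop it to match the neighbouring entries. The wording also mixes "deny all" with "allow-all"; use one form for both, matching the commit log's "allow all".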

Modified: tomcat/current/tc5.5.x/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/current/tc5.5.x/STATUS.txt?rev=681143&r1=681142&r2=681143&view=diff
==============================================================================
--- tomcat/current/tc5.5.x/STATUS.txt (original)
+++ tomcat/current/tc5.5.x/STATUS.txt Wed Jul 30 10:49:50 2008
@@ -41,12 +41,6 @@
   +1: markt
   -1: fhanik - Rainer backported all the fixes, we should evaluate those, I'll add them at the bottom
 
-* No roles (deny all) trumps no auth-constraint (allow all)
-  https://issues.apache.org/bugzilla/show_bug.cgi?id=44529
-  http://svn.apache.org/viewvc?rev=642542&view=rev
-  +1: markt, fhanik, yoavs
-  -1:
-
 * Fix reading of multi-byte request data
   https://issues.apache.org/bugzilla/show_bug.cgi?id=44494
   http://svn.apache.org/viewvc?rev=642814&view=rev (clean-up)
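Review bot: removing the STATUS.txt entry also removes the only record of the trunk revision this backports (the second link line, rev=642542); neither the commit log nor the changelog entry names it. Consider citing the trunk revision in the commit message on future backports so the 5.5.x change can be traced to its origin without digging through STATUS.txt history.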



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org