You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2006/01/02 16:40:12 UTC
svn commit: r365362 -
/tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
Author: markt
Date: Mon Jan 2 07:40:09 2006
New Revision: 365362
URL: http://svn.apache.org/viewcvs?rev=365362&view=rev
Log:
Fix bug 15570. Magic role of * was interpreted as all authenticated
users rather than as all roles defined in web.xml
Modified:
tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
Modified: tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
URL: http://svn.apache.org/viewcvs/tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java?rev=365362&r1=365361&r2=365362&view=diff
==============================================================================
--- tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java (original)
+++ tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java Mon Jan 2 07:40:09 2006
@@ -566,10 +566,14 @@
}
// Check each role included in this constraint
- if (constraint.getAllRoles())
- return (true);
+ String roles[];
+ if (constraint.getAllRoles()) {
+ // * means all roles defined in web.xml
+ roles = context.findSecurityRoles();
+ } else {
+ roles = constraint.findAuthRoles();
+ }
- String roles[] = constraint.findAuthRoles();
if (roles == null)
roles = new String[0];
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org