Author: remy.maucherat(a)jboss.com
Date: 2009-12-10 09:00:48 -0500 (Thu, 10 Dec 2009)
New Revision: 1330
Modified:
trunk/java/org/apache/catalina/deploy/SecurityConstraint.java
Log:
- All roles constraints actually always require authentication.
Modified: trunk/java/org/apache/catalina/deploy/SecurityConstraint.java
===================================================================
--- trunk/java/org/apache/catalina/deploy/SecurityConstraint.java 2009-12-09 17:11:00 UTC
(rev 1329)
+++ trunk/java/org/apache/catalina/deploy/SecurityConstraint.java 2009-12-10 14:00:48 UTC
(rev 1330)
@@ -190,6 +190,7 @@
if (authRole == null)
return;
+ authConstraint = true;
if ("*".equals(authRole)) {
allRoles = true;
return;
@@ -199,7 +200,6 @@
results[i] = authRoles[i];
results[authRoles.length] = authRole;
authRoles = results;
- authConstraint = true;
}