Author: remy.maucherat(a)jboss.com Date: 2009-11-06 09:26:21 -0500 (Fri, 06 Nov 2009) New Revision: 1247 Modified: trunk/java/org/apache/catalina/startup/ContextConfig.java Log: - Improve the security element resolution algorithm. Modified: trunk/java/org/apache/catalina/startup/ContextConfig.java =================================================================== --- trunk/java/org/apache/catalina/startup/ContextConfig.java 2009-11-06 01:45:35 UTC (rev 1246) +++ trunk/java/org/apache/catalina/startup/ContextConfig.java 2009-11-06 14:26:21 UTC (rev 1247) @@ -2101,6 +2101,7 @@ boolean classDA = servletSecurity.getEmptyRoleSemantic().equals(EmptyRoleSemantic.DENY); boolean classTP = servletSecurity.getTransportGuarantee().equals(TransportGuarantee.CONFIDENTIAL); String[] classRA = servletSecurity.getRolesAllowed(); + boolean classConstraint = classDA || classTP || (classRA != null && classRA.length > 0); Collection<HttpMethodConstraintElement> httpMethodConstraints = servletSecurity.getHttpMethodConstraints(); @@ -2113,7 +2114,7 @@ boolean methodDA = httpMethodConstraint.getEmptyRoleSemantic().equals(EmptyRoleSemantic.DENY); boolean methodTP = httpMethodConstraint.getTransportGuarantee().equals(TransportGuarantee.CONFIDENTIAL); String[] methodRA = httpMethodConstraint.getRolesAllowed(); - if (methodPA || methodDA || methodTP || methodRA != null) + if (classConstraint || methodDA || methodTP || (methodRA != null && methodRA.length > 0)) { methodOmissions.add(httpMethodConstraint.getMethodName()); // Define a constraint specific for the method @@ -2161,7 +2162,7 @@ } - if (classPA || classDA || classTP || classRA != null) + if (classConstraint) { // Define a constraint for the class SecurityConstraint constraint = new SecurityConstraint();