Author: remy.maucherat(a)jboss.com
Date: 2012-08-31 10:54:47 -0400 (Fri, 31 Aug 2012)
New Revision: 2076
Modified:
trunk/src/main/java/org/apache/catalina/realm/RealmBase.java
trunk/webapps/docs/changelog.xml
Log:
Port patch for security constraints matching (53801). Risky, so no backport plans.
Modified: trunk/src/main/java/org/apache/catalina/realm/RealmBase.java
===================================================================
--- trunk/src/main/java/org/apache/catalina/realm/RealmBase.java 2012-08-30 17:19:13 UTC
(rev 2075)
+++ trunk/src/main/java/org/apache/catalina/realm/RealmBase.java 2012-08-31 14:54:47 UTC
(rev 2076)
@@ -566,14 +566,15 @@
}
}
if(matched) {
- found = true;
if(length > longest) {
+ found = false;
if(results != null) {
results.clear();
}
longest = length;
}
if(collection[j].findMethod(method)) {
+ found = true;
if(results == null) {
results = new ArrayList();
}
@@ -699,7 +700,7 @@
* Convert an ArrayList to a SecurityContraint [].
*/
private SecurityConstraint [] resultsToArray(ArrayList results) {
- if(results == null) {
+ if(results == null || results.size() == 0) {
return null;
}
SecurityConstraint [] array = new SecurityConstraint[results.size()];
Modified: trunk/webapps/docs/changelog.xml
===================================================================
--- trunk/webapps/docs/changelog.xml 2012-08-30 17:19:13 UTC (rev 2075)
+++ trunk/webapps/docs/changelog.xml 2012-08-31 14:54:47 UTC (rev 2076)
@@ -36,6 +36,9 @@
<jboss-jira>AS7-4232</jboss-jira>: Modify async error processing
based on a stricter spec
interpretation. (remm)
</fix>
+ <fix>
+ <bug>53801</bug>: Fix some edge case with overlapping security
constraints. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">