Author: remy.maucherat(a)jboss.com
Date: 2009-12-09 12:11:00 -0500 (Wed, 09 Dec 2009)
New Revision: 1329
Modified:
trunk/java/org/apache/catalina/startup/ContextConfig.java
Log:
- Fix big ooops: empty roles permit means allRoles only if there are really no roles ...
Modified: trunk/java/org/apache/catalina/startup/ContextConfig.java
===================================================================
--- trunk/java/org/apache/catalina/startup/ContextConfig.java 2009-12-09 12:37:21 UTC (rev
1328)
+++ trunk/java/org/apache/catalina/startup/ContextConfig.java 2009-12-09 17:11:00 UTC (rev
1329)
@@ -2133,7 +2133,7 @@
if (methodDA) {
constraint.setAuthConstraint(true);
}
- if (methodPA) {
+ if (methodPA && (methodRA == null || methodRA.length ==
0)) {
constraint.addAuthRole("*");
}
if (methodRA != null) {
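Review bot: The tightened guard on `methodPA` still does not look at `methodDA`: if both flags are true and `methodRA` is empty, `setAuthConstraint(true)` is followed by `addAuthRole("*")`, so a constraint that began as deny-all would, by the commit log's reading of `*` as allRoles, admit every role. Whether both flags can be set for the same method is decided outside this hunk, but failing closed costs one term: `if (methodPA && !methodDA && (methodRA == null || methodRA.length == 0)) {`. The class-level hunk has the same shape with `classPA` and `classDA`, and would take the matching `!classDA` term. A short comment above each condition, for example `// PermitAll maps to "*" only when no explicit roles are listed; explicit roles win`, would record the precedence this fix establishes. The enclosing method starts and ends outside both hunks.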
@@ -2169,7 +2169,7 @@
{
// Define a constraint for the class
SecurityConstraint constraint = new SecurityConstraint();
- if (classPA) {
+ if (classPA && (classRA == null || classRA.length == 0)) {
constraint.addAuthRole("*");
}
if (classDA) {