JBossWeb SVN: r1252 - trunk/java/org/apache/catalina/startup. - jbossweb-commits

Saturday, 7 November 2009

Author: remy.maucherat(a)jboss.com
Date: 2009-11-06 20:30:50 -0500 (Fri, 06 Nov 2009)
New Revision: 1252

Modified:
   trunk/java/org/apache/catalina/startup/ContextConfig.java
Log:
- The constraint fix was not correct, despite faking it impressively in my testing.

Modified: trunk/java/org/apache/catalina/startup/ContextConfig.java
===================================================================

--- trunk/java/org/apache/catalina/startup/ContextConfig.java	2009-11-06 18:05:17 UTC (rev
1251)
+++ trunk/java/org/apache/catalina/startup/ContextConfig.java	2009-11-07 01:30:50 UTC (rev
1252)
@@ -2101,7 +2101,6 @@
                 boolean classDA =
servletSecurity.getEmptyRoleSemantic().equals(EmptyRoleSemantic.DENY);
                 boolean classTP =
servletSecurity.getTransportGuarantee().equals(TransportGuarantee.CONFIDENTIAL);
                 String[] classRA = servletSecurity.getRolesAllowed();
-                boolean classConstraint = classDA || classTP || (classRA != null
&& classRA.length > 0);
                 Collection<HttpMethodConstraintElement> httpMethodConstraints = 
                     servletSecurity.getHttpMethodConstraints();
 
@@ -2110,13 +2109,13 @@
                 {
                    for (HttpMethodConstraintElement httpMethodConstraint :
httpMethodConstraints)
                    {
+                      methodOmissions.add(httpMethodConstraint.getMethodName());
                       boolean methodPA =
httpMethodConstraint.getEmptyRoleSemantic().equals(EmptyRoleSemantic.PERMIT);
                       boolean methodDA =
httpMethodConstraint.getEmptyRoleSemantic().equals(EmptyRoleSemantic.DENY);
                       boolean methodTP =
httpMethodConstraint.getTransportGuarantee().equals(TransportGuarantee.CONFIDENTIAL);
                       String[] methodRA = httpMethodConstraint.getRolesAllowed();
-                      if (classConstraint || methodDA || methodTP || (methodRA != null
&& methodRA.length > 0))
+                      if (methodDA || methodTP || (methodRA != null &&
methodRA.length > 0))
                       {
-                         methodOmissions.add(httpMethodConstraint.getMethodName());
                          // Define a constraint specific for the method
                          SecurityConstraint constraint = new SecurityConstraint();
                          if (methodDA) {
@@ -2162,7 +2161,7 @@
 
                 }
 
-                if (classConstraint)
+                if (classDA || classTP || (classRA != null && classRA.length >
0))
                 {
                     // Define a constraint for the class
                     SecurityConstraint constraint = new SecurityConstraint();


    

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

JBossWeb SVN: r1252 - trunk/java/org/apache/catalina/startup.