Author: remy.maucherat(a)jboss.com
Date: 2009-12-03 07:04:08 -0500 (Thu, 03 Dec 2009)
New Revision: 1313
Modified:
trunk/java/org/apache/catalina/startup/ContextConfig.java
Log:
- Construct the list of static patterns before processing servlet security elements.
Otherwise, only the first constraint defined by a servlet
security would actually do something.
Modified: trunk/java/org/apache/catalina/startup/ContextConfig.java
===================================================================
--- trunk/java/org/apache/catalina/startup/ContextConfig.java 2009-12-02 23:48:45 UTC (rev
1312)
+++ trunk/java/org/apache/catalina/startup/ContextConfig.java 2009-12-03 12:04:08 UTC (rev
1313)
@@ -2090,6 +2090,17 @@
* Translate servlet security associated with Servlets to security constraints.
*/
protected void resolveServletSecurity() {
+ // Skip all patterns for which a static security constraint has been defined
+ HashSet<String> excludedPatterns = new HashSet<String>();
+ SecurityConstraint[] staticConstraints = context.findConstraints();
+ for (SecurityConstraint staticConstraint : staticConstraints) {
+ for (SecurityCollection collection : staticConstraint.findCollections()) {
+ for (String urlPattern : collection.findPatterns()) {
+ excludedPatterns.add(urlPattern);
+ }
+ }
+ }
+ // Iterate over servlet security objects
Container wrappers[] = context.findChildren();
for (int i = 0; i < wrappers.length; i++) {
Wrapper wrapper = (Wrapper) wrappers[i];
@@ -2138,16 +2149,8 @@
String[] urlPatterns = wrapper.findMappings();
Set<String> servletSecurityPatterns = new
HashSet<String>();
for (String urlPattern : urlPatterns) {
- servletSecurityPatterns.add(urlPattern);
- }
- SecurityConstraint[] constraints = context.findConstraints();
- for (SecurityConstraint constraint2 : constraints) {
- for (SecurityCollection collection2 :
constraint2.findCollections()) {
- for (String urlPattern : collection2.findPatterns()) {
- if (servletSecurityPatterns.contains(urlPattern)) {
- servletSecurityPatterns.remove(urlPattern);
- }
- }
+ if (!excludedPatterns.contains(urlPattern)) {
+ servletSecurityPatterns.add(urlPattern);
}
}
for (String urlPattern : servletSecurityPatterns) {
@@ -2184,16 +2187,8 @@
String[] urlPatterns = wrapper.findMappings();
Set<String> servletSecurityPatterns = new
HashSet<String>();
for (String urlPattern : urlPatterns) {
- servletSecurityPatterns.add(urlPattern);
- }
- SecurityConstraint[] constraints = context.findConstraints();
- for (SecurityConstraint constraint2 : constraints) {
- for (SecurityCollection collection2 :
constraint2.findCollections()) {
- for (String urlPattern : collection2.findPatterns()) {
- if (servletSecurityPatterns.contains(urlPattern)) {
- servletSecurityPatterns.remove(urlPattern);
- }
- }
+ if (!excludedPatterns.contains(urlPattern)) {
+ servletSecurityPatterns.add(urlPattern);
}
}
for (String urlPattern : servletSecurityPatterns) {
Show replies by date