Author: markt Date: Mon Jan 2 07:40:09 2006 New Revision: 365362 URL: http://svn.apache.org/viewcvs?rev=365362&view=rev Log: Fix bug 15570. Magic role of * was interpreted as all authenticated users rather than as all roles defined in web.xml
Modified: tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java Modified: tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java URL: http://svn.apache.org/viewcvs/tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java?rev=365362&r1=365361&r2=365362&view=diff ============================================================================== --- tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java (original) +++ tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java Mon Jan 2 07:40:09 2006 @@ -566,10 +566,14 @@ } // Check each role included in this constraint - if (constraint.getAllRoles()) - return (true); + String roles[]; + if (constraint.getAllRoles()) { + // * means all roles defined in web.xml + roles = context.findSecurityRoles(); + } else { + roles = constraint.findAuthRoles(); + } - String roles[] = constraint.findAuthRoles(); if (roles == null) roles = new String[0]; --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]