michael-o commented on a change in pull request #186: BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole() URL: https://github.com/apache/tomcat/pull/186#discussion_r311748303
########## File path: java/org/apache/catalina/realm/RealmBase.java ########## @@ -928,6 +928,15 @@ public boolean hasRole(Wrapper wrapper, Principal principal, String role) { } } + // Check for a role alias/mapping defined on context level + if (getContainer() instanceof Context) { + Context context = (Context) getContainer(); + String realRole = context.findRoleMapping(role); Review comment: Wouldn't it be confusing when `findSecurityReference()` can map a role which `findSecurityReferences()` does not contain? Why the null check? Wouldn't it be possible for a servlet security role ref to be also mapped to a technical role? My current does this. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org