Author: markt Date: Sat Mar 29 07:48:24 2008 New Revision: 642542 URL: http://svn.apache.org/viewvc?rev=642542&view=rev Log: https://issues.apache.org/bugzilla/show_bug.cgi?id=44529 No roles (deny all) trumps no auth-constraint (allow all)
Modified: tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java Modified: tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java?rev=642542&r1=642541&r2=642542&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java (original) +++ tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java Sat Mar 29 07:48:24 2008 @@ -776,17 +776,16 @@ log.debug("No roles "); status = false; // No listed roles means no access at all denyfromall = true; + break; } else { if(log.isDebugEnabled()) log.debug("Passing all access"); - return (true); + status = true; } } else if (principal == null) { if (log.isDebugEnabled()) log.debug(" No user authenticated, cannot grant access"); - status = false; - } else if(!denyfromall) { - + } else { for (int j = 0; j < roles.length; j++) { if (hasRole(principal, roles[j])) status = true; @@ -796,7 +795,8 @@ } } - if (allRolesMode != AllRolesMode.STRICT_MODE && !status && principal != null) { + if (!denyfromall && allRolesMode != AllRolesMode.STRICT_MODE && + !status && principal != null) { if (log.isDebugEnabled()) { log.debug("Checking for all roles mode: " + allRolesMode); } --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]