Author: markt Date: Tue Feb 6 11:38:09 2018 New Revision: 1823306 URL: http://svn.apache.org/viewvc?rev=1823306&view=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62067 Correctly apply security constraints mapped to the context root using a URL pattern of ""
Modified: tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java?rev=1823306&r1=1823305&r2=1823306&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java Tue Feb 6 11:38:09 2018
@@ -546,9 +546,9 @@ public abstract class RealmBase extends
 // Check each defined security constraint
 String uri = request.getRequestPathMB().toString();
- // Bug47080 - in rare cases this may be null
+ // Bug47080 - in rare cases this may be null or ""
 // Mapper treats as '/' do the same to prevent NPE
- if (uri == null) {
+ if (uri == null || uri.length() == 0) {
 uri = "/";
 }
@@ -580,7 +580,8 @@ public abstract class RealmBase extends
 }
 for(int k=0; k < patterns.length; k++) {
- if(uri.equals(patterns[k])) {
+ // Exact match including special case for the context root.
+ if(uri.equals(patterns[k]) || patterns[k].length() == 0 && uri.equals("/")) {
 found = true;
 if(collection[j].findMethod(method)) {
 if(results == null) {
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1823306&r1=1823305&r2=1823306&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Tue Feb 6 11:38:09 2018
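Review bot: The comment above the normalisation in the first hunk still gives "to prevent NPE" as the whole reason, which does not cover the added `uri.length() == 0` branch, since an empty string cannot cause an NPE. The empty path is presumably folded into `/` so that the context-root special case in the later exact-match hunk (`uri.equals("/")`) can match, and the comment should say so. I would reword the two comment lines along the lines of `// Bug47080 / 62067 - the path may be null or ""; treat both as "/" as the Mapper does, to avoid an NPE and so that constraints mapped to the context root are matched`. The enclosing method starts and ends outside the hunk.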
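Review bot: The new exact-match condition in the second hunk mixes `||` and `&&` without parentheses, so the reader has to rely on operator precedence in a check that decides whether a security constraint applies; writing it as `if (uri.equals(patterns[k]) || (patterns[k].isEmpty() && "/".equals(uri))) {` states the intent explicitly. `patterns[k].length()` also dereferences the pattern where the old `uri.equals(patterns[k])` tolerated a null element; that is harmless if the patterns array can never hold one, but this is not visible here. The commit touches only RealmBase.java and changelog.xml, so a regression test that maps a constraint to `""` and requests the context root would be worth adding alongside it. The enclosing method and loops start and end outside the hunk.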
@@ -91,6 +91,10 @@ When using Tomcat embedded, only perform Authenticator configuration once during web application start. (markt) </fix> + <fix> + <bug>62067</bug>: Correctly apply security constraints mapped to the + context root using a URL pattern of <code>""</code>. (markt) + </fix> </changelog> </subsection> <subsection name="Coyote"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org