Author: markt
Date: Sat Apr  5 10:57:08 2008
New Revision: 645149

URL: http://svn.apache.org/viewvc?rev=645149&view=rev
Log:
Fix bug 44529. Deny all should override allow all.

Modified:
    tomcat/tc6.0.x/trunk/STATUS.txt
    tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java
    tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=645149&r1=645148&r2=645149&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Sat Apr  5 10:57:08 2008
@@ -107,12 +107,6 @@
   +1: markt, remm, fhanik
   -1:
 
-* No roles (deny all) trumps no auth-constraint (allow all)
-  https://issues.apache.org/bugzilla/show_bug.cgi?id=44529
-  http://svn.apache.org/viewvc?rev=642542&view=rev
-  +1: markt, remm, fhanik
-  -1:
-
 * Document missing secret attributes
   https://issues.apache.org/bugzilla/show_bug.cgi?id=44715
   http://svn.apache.org/viewvc?rev=643497&view=rev

Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?rev=645149&r1=645148&r2=645149&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java 
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java Sat Apr  
5 10:57:08 2008
@@ -776,17 +776,16 @@
                         log.debug("No roles ");
                     status = false; // No listed roles means no access at all
                     denyfromall = true;
+                    break;
                 } else {
                     if(log.isDebugEnabled())
                         log.debug("Passing all access");
-                    return (true);
+                    status = true;
                 }
             } else if (principal == null) {
                 if (log.isDebugEnabled())
                     log.debug("  No user authenticated, cannot grant access");
-                status = false;
-            } else if(!denyfromall) {
-
+            } else {
                 for (int j = 0; j < roles.length; j++) {
                     if (hasRole(principal, roles[j]))
                         status = true;
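Review bot: dropping `status = false;` from the `principal == null` branch is a second behaviour change beyond the one the log message names. With the `break` after `denyfromall = true` the old `else if(!denyfromall)` guard is indeed redundant, so collapsing it to `else` is fine; but an unauthenticated request that already matched an allow-all constraint (`status = true` in the new branch above) now keeps that grant when a later overlapping constraint names roles, where previously it was reset to false. That follows the servlet spec rule that a constraint with no auth-constraint combines with role-based constraints to permit unauthenticated access, so the result looks right, but it should be stated in the changelog, and a comment on the branch such as `// No user: keep whatever an earlier allow-all constraint granted` would stop the missing reset from being read as an omission.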
@@ -796,7 +795,8 @@
             }
         }
 
-        if (allRolesMode != AllRolesMode.STRICT_MODE && !status && principal 
!= null) {
+        if (!denyfromall && allRolesMode != AllRolesMode.STRICT_MODE &&
+                !status && principal != null) {
             if (log.isDebugEnabled()) {
                 log.debug("Checking for all roles mode: " + allRolesMode);
             }
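Review bot: the `!denyfromall &&` guard is required here, since `denyfromall` is only ever set together with `status = false` and a `break`, which is exactly the state (`!status && principal != null`) in which the all-roles-mode fallback would otherwise re-grant the access just refused. Putting it first also short-circuits the remaining comparisons. The wrapped two-line condition would read more clearly as an explicit early exit after the loop, e.g. `if (denyfromall) return false;`, leaving the existing all-roles check untouched.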

Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=645149&r1=645148&r2=645149&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Sat Apr  5 10:57:08 2008
@@ -53,6 +53,10 @@
         Fix NPE when iterating through sessions for expiration. (fhanik/jim)
       </fix>
       <fix>
+        <bug>44529</bug>: Correct handling of resource constraints so no roles
+        (deny all) overrides no aoth-constraint (allow all). (markt)
+      </fix>
+      <fix>
         <bug>44562</bug>: HEAD requests cannot use includes. Patch provided by
         David Jencks. (markt)
       </fix>
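Review bot: typo in the new changelog entry: "no aoth-constraint" should read "no auth-constraint". Since the fix also changes how an allow-all constraint combines with role constraints for unauthenticated users (the removed `status = false;` in RealmBase.java), it would be worth extending this entry to say so.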


