This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch BZ-63636/tomcat-9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit d53f76b1d6fd8e8f636f98a66b74aa8242a8d23b
Author: Michael Osipov <micha...@apache.org>
AuthorDate: Thu Aug 8 12:48:47 2019 +0200

    Move Context#findRoleMapping() to Wrapper#findSecurityReference()
---
 java/org/apache/catalina/core/StandardWrapper.java | 14 +++++++++++++-
 java/org/apache/catalina/realm/RealmBase.java      | 11 +----------
 2 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/java/org/apache/catalina/core/StandardWrapper.java 
b/java/org/apache/catalina/core/StandardWrapper.java
index a28dd73..7bfb512 100644
--- a/java/org/apache/catalina/core/StandardWrapper.java
+++ b/java/org/apache/catalina/core/StandardWrapper.java
@@ -920,14 +920,26 @@ public class StandardWrapper extends ContainerBase
      */
     @Override
     public String findSecurityReference(String name) {
+        String reference = null;
 
         referencesLock.readLock().lock();
         try {
-            return references.get(name);
+            reference = references.get(name);
         } finally {
             referencesLock.readLock().unlock();
         }
 
+        // If not specified on the Wrapper, check the Context
+        if (getParent() instanceof Context) {
+            Context context = (Context) getParent();
+            if (reference != null) {
+                reference = context.findRoleMapping(reference);
+            } else {
+                reference = context.findRoleMapping(name);
+            }
+        }
+
+        return reference;
     }
 
 
diff --git a/java/org/apache/catalina/realm/RealmBase.java 
b/java/org/apache/catalina/realm/RealmBase.java
index dbeeaa3..833973a 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -920,7 +920,7 @@ public abstract class RealmBase extends LifecycleMBeanBase 
implements Realm {
      */
     @Override
     public boolean hasRole(Wrapper wrapper, Principal principal, String role) {
-        // Check for a role alias defined in a <security-role-ref> element
+        // Check for a role alias
         if (wrapper != null) {
             String realRole = wrapper.findSecurityReference(role);
             if (realRole != null) {
@@ -928,15 +928,6 @@ public abstract class RealmBase extends LifecycleMBeanBase 
implements Realm {
             }
         }
 
-        // Check for a role alias/mapping defined on context level
-        if (getContainer() instanceof Context) {
-            Context context = (Context) getContainer();
-            String realRole = context.findRoleMapping(role);
-            if (realRole != null) {
-                role = realRole;
-            }
-        }
-
         // Should be overridden in JAASRealm - to avoid pretty inefficient 
conversions
         if (principal == null || role == null) {
             return false;


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to