remm 01/11/02 22:52:05
Modified: catalina/src/share/org/apache/catalina/authenticator
AuthenticatorBase.java
Log:
- Fix a problem with auth constraints, where roles wouldn't get processed right.
For example, this would be failing:
<auth-constraint>
<role-name>foo</role-name>
<role-name>foo2</role-name>
<role-name>*</role-name>
</auth-constraint>
(Of course, 'foo' and 'foo2' really don't add anything, but it should still work).
Revision Changes Path
1.24 +12 -13
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
Index: AuthenticatorBase.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- AuthenticatorBase.java 2001/08/03 22:39:33 1.23
+++ AuthenticatorBase.java 2001/11/03 06:52:05 1.24
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
1.23 2001/08/03 22:39:33 craigmcc Exp $
- * $Revision: 1.23 $
- * $Date: 2001/08/03 22:39:33 $
+ * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
1.24 2001/11/03 06:52:05 remm Exp $
+ * $Revision: 1.24 $
+ * $Date: 2001/11/03 06:52:05 $
*
* ====================================================================
*
@@ -121,7 +121,7 @@
* requests. Requests of any other type will simply be passed through.
*
* @author Craig R. McClanahan
- * @version $Revision: 1.23 $ $Date: 2001/08/03 22:39:33 $
+ * @version $Revision: 1.24 $ $Date: 2001/11/03 06:52:05 $
*/
@@ -585,15 +585,14 @@
String roles[] = constraint.findAuthRoles();
if (roles == null)
roles = new String[0];
- if (roles.length == 0) {
- if (constraint.getAuthConstraint() &&
- !constraint.getAllRoles()) {
- ((HttpServletResponse) response.getResponse()).sendError
- (HttpServletResponse.SC_FORBIDDEN,
- sm.getString("authenticator.forbidden"));
- return (false); // No listed roles means no access at all
- } else
- return (true); // Authenticated user is sufficient
+
+ if (constraint.getAllRoles())
+ return (true);
+ if ((roles.length == 0) && (constraint.getAuthConstraint())) {
+ ((HttpServletResponse) response.getResponse()).sendError
+ (HttpServletResponse.SC_FORBIDDEN,
+ sm.getString("authenticator.forbidden"));
+ return (false); // No listed roles means no access at all
}
for (int i = 0; i < roles.length; i++) {
if (realm.hasRole(principal, roles[i]))
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
