larryi      01/07/10 13:51:10

  Modified:    src/share/org/apache/tomcat/core BaseInterceptor.java
  Log:
  Update authorize() method to default to returning DECLINED so it doesn't
  authorize by default.
  
  Revision  Changes    Path
  1.48      +2 -2      
jakarta-tomcat/src/share/org/apache/tomcat/core/BaseInterceptor.java
  
  Index: BaseInterceptor.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/BaseInterceptor.java,v
  retrieving revision 1.47
  retrieving revision 1.48
  diff -u -r1.47 -r1.48
  --- BaseInterceptor.java      2001/06/28 07:43:00     1.47
  +++ BaseInterceptor.java      2001/07/10 20:51:08     1.48
  @@ -163,7 +163,7 @@
        *  The authorize is called by isUserInRole() and by ContextManager
        *  if the request have security constraints.
        *
  -     *  @returns 0 if the module can't take a decision
  +     *  @returns DECLINED if the module can't make a decision
        *           401 If the user is not authorized ( doesn't have
        *               any of the required roles )
        *           200 If the user have the right roles. No further module
  @@ -171,7 +171,7 @@
        */
       public int authorize(Request request, Response response,
                         String reqRoles[]) {
  -     return 0;
  +     return DECLINED;
       }
   
       /** Called before service method is invoked. 
  
  
  

Reply via email to