larryi 01/07/10 13:51:10
Modified: src/share/org/apache/tomcat/core BaseInterceptor.java
Log:
Update authorize() method to default to returning DECLINED so it doesn't
authorize by default.
Revision Changes Path
1.48 +2 -2
jakarta-tomcat/src/share/org/apache/tomcat/core/BaseInterceptor.java
Index: BaseInterceptor.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/BaseInterceptor.java,v
retrieving revision 1.47
retrieving revision 1.48
diff -u -r1.47 -r1.48
--- BaseInterceptor.java 2001/06/28 07:43:00 1.47
+++ BaseInterceptor.java 2001/07/10 20:51:08 1.48
@@ -163,7 +163,7 @@
* The authorize is called by isUserInRole() and by ContextManager
* if the request have security constraints.
*
- * @returns 0 if the module can't take a decision
+ * @returns DECLINED if the module can't make a decision
* 401 If the user is not authorized ( doesn't have
* any of the required roles )
* 200 If the user have the right roles. No further module
@@ -171,7 +171,7 @@
*/
public int authorize(Request request, Response response,
String reqRoles[]) {
- return 0;
+ return DECLINED;
}
/** Called before service method is invoked.