remm 01/11/02 22:53:50 Modified: catalina/src/share/org/apache/catalina/authenticator Tag: tomcat_40_branch AuthenticatorBase.java Log: - Fix a problem with auth constraints, where roles wouldn't get processed right. For example, this would be failing: <auth-constraint> <role-name>foo</role-name> <role-name>foo2</role-name> <role-name>*</role-name> </auth-constraint> (Of course, 'foo' and 'foo2' really don't add anything, but it should still work). Revision Changes Path No revision No revision 1.23.2.1 +11 -13 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
Index: AuthenticatorBase.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
retrieving revision 1.23
retrieving revision 1.23.2.1
diff -u -r1.23 -r1.23.2.1
--- AuthenticatorBase.java 2001/08/03 22:39:33 1.23
+++ AuthenticatorBase.java 2001/11/03 06:53:50 1.23.2.1
@@ -1,7 +1,7 @@
 /*
- * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v 1.23 2001/08/03 22:39:33 craigmcc Exp $
- * $Revision: 1.23 $
- * $Date: 2001/08/03 22:39:33 $
+ * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v 1.23.2.1 2001/11/03 06:53:50 remm Exp $
+ * $Revision: 1.23.2.1 $
+ * $Date: 2001/11/03 06:53:50 $
 *
 * ====================================================================
 *
@@ -121,7 +121,7 @@
 * requests. Requests of any other type will simply be passed through.
 *
 * @author Craig R. McClanahan
- * @version $Revision: 1.23 $ $Date: 2001/08/03 22:39:33 $
+ * @version $Revision: 1.23.2.1 $ $Date: 2001/11/03 06:53:50 $
 */
@@ -585,15 +585,13 @@
 String roles[] = constraint.findAuthRoles();
 if (roles == null)
 roles = new String[0];
- if (roles.length == 0) {
- if (constraint.getAuthConstraint() &&
- !constraint.getAllRoles()) {
- ((HttpServletResponse) response.getResponse()).sendError
- (HttpServletResponse.SC_FORBIDDEN,
- sm.getString("authenticator.forbidden"));
- return (false); // No listed roles means no access at all
- } else
- return (true); // Authenticated user is sufficient
+ if (constraint.getAllRoles())
+ return (true);
+ if ((roles.length == 0) && (constraint.getAuthConstraint())) {
+ ((HttpServletResponse) response.getResponse()).sendError
+ (HttpServletResponse.SC_FORBIDDEN,
+ sm.getString("authenticator.forbidden"));
+ return (false); // No listed roles means no access at all
 }
 for (int i = 0; i < roles.length; i++) {
 if (realm.hasRole(principal, roles[i]))
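Review bot: With the `else return (true)` branch gone, a constraint that lists no roles and for which `getAuthConstraint()` is false no longer gets an explicit result: it skips both new `if` statements, runs the `for` loop zero times, and its outcome is decided by whatever follows the loop, which lies outside this hunk. If that tail denies the request the change fails closed, which is the safe direction, but it is a behaviour change the log message does not mention and should be confirmed against the callers of this method. The new `if (constraint.getAllRoles()) return (true);` also grants access without consulting the realm, so it relies on `principal` having been validated earlier in the method, again outside the hunk. A comment on that line such as `// "*" role: any authenticated user is sufficient` would restore the explanation the removed code carried.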