Hmm, I do not see this scenario exists, currentPattern is never used while calculating the role based security. Do we get any cases failed ?
2010/10/20 <genspr...@apache.org> > Author: genspring > Date: Wed Oct 20 11:55:31 2010 > New Revision: 1025519 > > URL: http://svn.apache.org/viewvc?rev=1025519&view=rev > Log: > Somehow, once currentRolePatterns = new HashMap<String, URLPattern>(); is > executed.currentPatterns will point to the same reference of > currentRolePatterns. > > Pull (currentPatterns ==null) out of the loop to avoid the unexpected logic > caused by the problem above. > > Modified: > > > geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java > > Modified: > geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java > URL: > http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java?rev=1025519&r1=1025518&r2=1025519&view=diff > > ============================================================================== > --- > geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java > (original) > +++ > geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java > Wed Oct 20 11:55:31 2010 > @@ -108,10 +108,13 @@ public class SpecSecurityBuilder { > currentPatterns = uncheckedPatterns; > } > String transport = securityConstraint.userDataConstraint == > null ? "NONE" : securityConstraint.userDataConstraint; > + > + boolean isRolebasedPatten = (currentPatterns == null); > + > for (WebResourceCollectionInfo webResourceCollection : > securityConstraint.webResourceCollections) { > //Calculate HTTP methods list > for (String urlPattern : webResourceCollection.urlPatterns) > { > - if (currentPatterns == null) { > + if (isRolebasedPatten) { > for (String roleName : roleNames) { > Map<String, URLPattern> currentRolePatterns = > rolesPatterns.get(roleName); > if (currentRolePatterns == null) { > > > -- Ivan