Right,I also can't find any code logic error. it's a strange run-time behavior.
The snippet under "(currentPatterns ==null) " only get executed once because (currentPatterns ==null) =false after that. In Eclipse debug session, I could see currentPatterns's object id the same as that of the first currentRolePatterns object. On Wed, Oct 20, 2010 at 8:04 PM, Ivan <[email protected]> wrote: > Hmm, I do not see this scenario exists, currentPattern is never used while > calculating the role based security. > Do we get any cases failed ? > > 2010/10/20 <[email protected]> > > Author: genspring >> Date: Wed Oct 20 11:55:31 2010 >> New Revision: 1025519 >> >> URL: http://svn.apache.org/viewvc?rev=1025519&view=rev >> Log: >> Somehow, once currentRolePatterns = new HashMap<String, URLPattern>(); is >> executed.currentPatterns will point to the same reference of >> currentRolePatterns. >> >> Pull (currentPatterns ==null) out of the loop to avoid the unexpected >> logic caused by the problem above. >> >> Modified: >> >> >> geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java >> >> Modified: >> geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java >> URL: >> http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java?rev=1025519&r1=1025518&r2=1025519&view=diff >> >> ============================================================================== >> --- >> geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java >> (original) >> +++ >> geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java >> Wed Oct 20 11:55:31 2010 >> @@ -108,10 +108,13 @@ public class SpecSecurityBuilder { >> currentPatterns = uncheckedPatterns; >> } >> String transport = securityConstraint.userDataConstraint == >> null ? "NONE" : securityConstraint.userDataConstraint; >> + >> + boolean isRolebasedPatten = (currentPatterns == null); >> + >> for (WebResourceCollectionInfo webResourceCollection : >> securityConstraint.webResourceCollections) { >> //Calculate HTTP methods list >> for (String urlPattern : >> webResourceCollection.urlPatterns) { >> - if (currentPatterns == null) { >> + if (isRolebasedPatten) { >> for (String roleName : roleNames) { >> Map<String, URLPattern> currentRolePatterns = >> rolesPatterns.get(roleName); >> if (currentRolePatterns == null) { >> >> >> > > > -- > Ivan > -- Shawn
