Author: markt Date: Wed Jul 30 10:49:50 2008 New Revision: 681143 URL: http://svn.apache.org/viewvc?rev=681143&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=44529 No roles (deny all) trumps no auth-constraint (allow all)
Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/RealmBase.java tomcat/container/tc5.5.x/webapps/docs/changelog.xml tomcat/current/tc5.5.x/STATUS.txt
Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/RealmBase.java
URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/RealmBase.java?rev=681143&r1=681142&r2=681143&view=diff
==============================================================================
--- tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/RealmBase.java (original)
+++ tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/RealmBase.java Wed Jul 30 10:49:50 2008
@@ -774,17 +774,16 @@
 log.debug("No roles ");
 status = false; // No listed roles means no access at all
 denyfromall = true;
+ break;
 } else {
 if(log.isDebugEnabled())
 log.debug("Passing all access");
- return (true);
+ status = true;
 }
 } else if (principal == null) {
 if (log.isDebugEnabled())
 log.debug(" No user authenticated, cannot grant access");
- status = false;
- } else if(!denyfromall) {
-
+ } else {
 for (int j = 0; j < roles.length; j++) {
 if (hasRole(principal, roles[j]))
 status = true;
@@ -794,7 +793,8 @@
 }
 }
- if (allRolesMode != AllRolesMode.STRICT_MODE && !status && principal != null) {
+ if (!denyfromall && allRolesMode != AllRolesMode.STRICT_MODE &&
+ !status && principal != null) {
 if (log.isDebugEnabled()) {
 log.debug("Checking for all roles mode: " + allRolesMode);
 }
Modified: tomcat/container/tc5.5.x/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/webapps/docs/changelog.xml?rev=681143&r1=681142&r2=681143&view=diff
==============================================================================
--- tomcat/container/tc5.5.x/webapps/docs/changelog.xml (original)
+++ tomcat/container/tc5.5.x/webapps/docs/changelog.xml Wed Jul 30 10:49:50 2008
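Review bot: In the first hunk the `principal == null` branch now only logs, so rejecting an unauthenticated request relies on `status` still being false at that point; its initial value is set outside this hunk (presumably false), and nothing on the branch says that leaving it untouched is deliberate. A comment there such as `// status left as-is: an earlier constraint without auth-constraint may already allow access`, and `// deny-all wins over every other matching constraint, stop evaluating` on the new `break;`, would keep a later edit from reintroducing the ordering-dependent grant this commit fixes. The `!denyfromall` guard added in the second hunk is the other half of the same precedence rule and deserves the same one-line explanation. The commit's file list shows no test; a regression case with a constraint lacking an auth-constraint ordered before one with an empty auth-constraint would pin the behaviour. The enclosing method starts and ends outside both hunks.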
@@ -50,6 +50,10 @@
 requested. Patch provided by Charles R Caldarale. (markt)
 </fix>
 <fix>
+ <bug>44529</bug>: No roles specified (deny all) should take precedence
+ over no auth-constraint specified (allow-all). (markt)
+ </fix>
+ <fix>
 <bug>44673</bug>: Throw IOE if ServletInputStream is closed and a call is made to any read(), ready(), mark(), reset(), or skip() method as per javadocs for Reader. (markt)
Modified: tomcat/current/tc5.5.x/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/current/tc5.5.x/STATUS.txt?rev=681143&r1=681142&r2=681143&view=diff
==============================================================================
--- tomcat/current/tc5.5.x/STATUS.txt (original)
+++ tomcat/current/tc5.5.x/STATUS.txt Wed Jul 30 10:49:50 2008
@@ -41,12 +41,6 @@
 +1: markt
 -1: fhanik - Rainer backported all the fixes, we should evaluate those, I'll add them at the bottom
-* No roles (deny all) trumps no auth-constraint (allow all)
- https://issues.apache.org/bugzilla/show_bug.cgi?id=44529
- http://svn.apache.org/viewvc?rev=642542&view=rev
- +1: markt, fhanik, yoavs
- -1:
-
 * Fix reading of multi-byte request data
 https://issues.apache.org/bugzilla/show_bug.cgi?id=44494
 http://svn.apache.org/viewvc?rev=642814&view=rev (clean-up)
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]