Github user pzygielo commented on a diff in the pull request:
https://github.com/apache/tomee/pull/275#discussion_r241679807
--- Diff:
mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/jaxrs/MPJWTSecurityAnnotationsInterceptor.java
---
@@ -39,14 +39,19 @@ public void filter(final ContainerRequestContext
requestContext) throws IOExcept
}
final Set<String> roles =
rolesAllowed.get(resourceInfo.getResourceMethod());
+
if (roles != null && !roles.isEmpty()) {
final SecurityContext securityContext =
requestContext.getSecurityContext();
+ Boolean hasAtLeasOneValidRole = false;
--- End diff --
Why not use primitive `boolean`? Avoid boxing here and in L48 and unboxing
in L52.
---
