Github user cesarhernandezgt commented on a diff in the pull request:
https://github.com/apache/tomee/pull/275#discussion_r241796269
--- Diff:
mp-jwt/src/main/java/org/apache/tomee/microprofile/jwt/jaxrs/MPJWTSecurityAnnotationsInterceptor.java
---
@@ -39,14 +39,19 @@ public void filter(final ContainerRequestContext
requestContext) throws IOExcept
}
final Set<String> roles =
rolesAllowed.get(resourceInfo.getResourceMethod());
+
if (roles != null && !roles.isEmpty()) {
final SecurityContext securityContext =
requestContext.getSecurityContext();
+ Boolean hasAtLeasOneValidRole = false;
--- End diff --
Nice catch @pzygielo !
fixed.
---
