geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From xuhaih...@apache.org
Subject svn commit: r985149 - /geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java
Date Fri, 13 Aug 2010 10:05:13 GMT
Author: xuhaihong
Date: Fri Aug 13 10:05:12 2010
New Revision: 985149

URL: http://svn.apache.org/viewvc?rev=985149&view=rev
Log:
Do not create AuthConstraint object while roles is empty and PermitAll is configured

Modified:
    geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java

Modified: geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java?rev=985149&r1=985148&r2=985149&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java
(original)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java
Fri Aug 13 10:05:12 2010
@@ -510,7 +510,8 @@ public class SpecSecurityBuilder {
             }
             if (emptyRoleSemantic.equals(ServletSecurity.EmptyRoleSemantic.DENY)) {
                 securityConstraint.setAuthConstraint(new AuthConstraint());
-            } else {
+            } else if (rolesAllowed.length > 0) {
+                //When rolesAllowed.length == 0 and emptyRoleSemantic.equals(ServletSecurity.EmptyRoleSemantic.PERMIT),
no need to create the AuthConstraint object, as it means deny all
                 AuthConstraint authConstraint = new AuthConstraint();
                 for (String roleAllowed : rolesAllowed) {
                     authConstraint.getRoleName().add(roleAllowed);



Mime
View raw message