From scm-return-44238-apmail-geronimo-scm-archive=geronimo.apache.org@geronimo.apache.org Wed Oct 13 06:00:25 2010
Return-Path: <scm-return-44238-apmail-geronimo-scm-archive=geronimo.apache.org@geronimo.apache.org>
Delivered-To: apmail-geronimo-scm-archive@www.apache.org
Received: (qmail 83651 invoked from network); 13 Oct 2010 06:00:25 -0000
Received: from unknown (HELO mail.apache.org) (140.211.11.3)
  by 140.211.11.9 with SMTP; 13 Oct 2010 06:00:25 -0000
Received: (qmail 96910 invoked by uid 500); 13 Oct 2010 06:00:25 -0000
Delivered-To: apmail-geronimo-scm-archive@geronimo.apache.org
Received: (qmail 96862 invoked by uid 500); 13 Oct 2010 06:00:23 -0000
Mailing-List: contact scm-help@geronimo.apache.org; run by ezmlm
Precedence: bulk
list-help: <mailto:scm-help@geronimo.apache.org>
list-unsubscribe: <mailto:scm-unsubscribe@geronimo.apache.org>
List-Post: <mailto:scm@geronimo.apache.org>
Reply-To: dev@geronimo.apache.org
List-Id: <scm.geronimo.apache.org>
Delivered-To: mailing list scm@geronimo.apache.org
Received: (qmail 96855 invoked by uid 99); 13 Oct 2010 06:00:22 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 13 Oct 2010 06:00:22 +0000
X-ASF-Spam-Status: No, hits=-2000.0 required=10.0
	tests=ALL_TRUSTED
X-Spam-Check-By: apache.org
Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 13 Oct 2010 06:00:15 +0000
Received: by eris.apache.org (Postfix, from userid 65534)
	id C37B5238896F; Wed, 13 Oct 2010 05:59:18 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r1022006 -
 /geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java
Date: Wed, 13 Oct 2010 05:59:18 -0000
To: scm@geronimo.apache.org
From: xuhaihong@apache.org
X-Mailer: svnmailer-1.0.8
Message-Id: <20101013055918.C37B5238896F@eris.apache.org>
X-Virus-Checked: Checked by ClamAV on apache.org

Author: xuhaihong
Date: Wed Oct 13 05:59:18 2010
New Revision: 1022006

URL: http://svn.apache.org/viewvc?rev=1022006&view=rev
Log:
GERONIMO-5640 Qualified web resource permission for each role should be calculated based its own url set

Modified:
    geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java

Modified: geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java?rev=1022006&r1=1022005&r2=1022006&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java (original)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java Wed Oct 13 05:59:18 2010
@@ -113,12 +113,12 @@ public class SpecSecurityBuilder {
                 for (String urlPattern : webResourceCollection.urlPatterns) {
                     if (currentPatterns == null) {
                         for (String roleName : roleNames) {
-                            currentPatterns = rolesPatterns.get(roleName);
-                            if (currentPatterns == null) {
-                                currentPatterns = new HashMap<String, URLPattern>();
-                                rolesPatterns.put(roleName, currentPatterns);
+                            Map<String, URLPattern> currentRolePatterns = rolesPatterns.get(roleName);
+                            if (currentRolePatterns == null) {
+                                currentRolePatterns = new HashMap<String, URLPattern>();
+                                rolesPatterns.put(roleName, currentRolePatterns);
                             }
-                            analyzeURLPattern(urlPattern, webResourceCollection.httpMethods, webResourceCollection.omission, transport, currentPatterns);
+                            analyzeURLPattern(urlPattern, webResourceCollection.httpMethods, webResourceCollection.omission, transport, currentRolePatterns);
                         }
                     } else {
                         analyzeURLPattern(urlPattern, webResourceCollection.httpMethods, webResourceCollection.omission, transport, currentPatterns);
@@ -176,8 +176,9 @@ public class SpecSecurityBuilder {
             policyConfiguration.addToExcludedPolicy(new WebUserDataPermission(name, actions));
         }
         for (Map.Entry<String, Map<String, URLPattern>> entry : rolesPatterns.entrySet()) {
+            Set<URLPattern> currentRolePatterns = new HashSet<URLPattern>(entry.getValue().values());
             for (URLPattern pattern : entry.getValue().values()) {
-                String name = pattern.getQualifiedPattern(allSet);
+                String name = pattern.getQualifiedPattern(currentRolePatterns);
                 String actions = pattern.getMethods();
                 WebResourcePermission permission = new WebResourcePermission(name, actions);
                 policyConfiguration.addToRole(entry.getKey(), permission);