tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject svn commit: r645149 - in /tomcat/tc6.0.x/trunk: STATUS.txt java/org/apache/catalina/realm/RealmBase.java webapps/docs/changelog.xml
Date Sat, 05 Apr 2008 17:57:14 GMT
Author: markt
Date: Sat Apr  5 10:57:08 2008
New Revision: 645149

URL: http://svn.apache.org/viewvc?rev=645149&view=rev
Log:
Fix bug 44529. Deny all should override allow all.

Modified:
    tomcat/tc6.0.x/trunk/STATUS.txt
    tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java
    tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=645149&r1=645148&r2=645149&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Sat Apr  5 10:57:08 2008
@@ -107,12 +107,6 @@
   +1: markt, remm, fhanik
   -1:
 
-* No roles (deny all) trumps no auth-constraint (allow all)
-  https://issues.apache.org/bugzilla/show_bug.cgi?id=44529
-  http://svn.apache.org/viewvc?rev=642542&view=rev
-  +1: markt, remm, fhanik
-  -1:
-
 * Document missing secret attributes
   https://issues.apache.org/bugzilla/show_bug.cgi?id=44715
   http://svn.apache.org/viewvc?rev=643497&view=rev

Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?rev=645149&r1=645148&r2=645149&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java Sat Apr  5 10:57:08
2008
@@ -776,17 +776,16 @@
                         log.debug("No roles ");
                     status = false; // No listed roles means no access at all
                     denyfromall = true;
+                    break;
                 } else {
                     if(log.isDebugEnabled())
                         log.debug("Passing all access");
-                    return (true);
+                    status = true;
                 }
             } else if (principal == null) {
                 if (log.isDebugEnabled())
                     log.debug("  No user authenticated, cannot grant access");
-                status = false;
-            } else if(!denyfromall) {
-
+            } else {
                 for (int j = 0; j < roles.length; j++) {
                     if (hasRole(principal, roles[j]))
                         status = true;
@@ -796,7 +795,8 @@
             }
         }
 
-        if (allRolesMode != AllRolesMode.STRICT_MODE && !status && principal
!= null) {
+        if (!denyfromall && allRolesMode != AllRolesMode.STRICT_MODE &&
+                !status && principal != null) {
             if (log.isDebugEnabled()) {
                 log.debug("Checking for all roles mode: " + allRolesMode);
             }

Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=645149&r1=645148&r2=645149&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Sat Apr  5 10:57:08 2008
@@ -53,6 +53,10 @@
         Fix NPE when iterating through sessions for expiration. (fhanik/jim)
       </fix>
       <fix>
+        <bug>44529</bug>: Correct handling of resource constraints so no roles
+        (deny all) overrides no aoth-constraint (allow all). (markt)
+      </fix>
+      <fix>
         <bug>44562</bug>: HEAD requests cannot use includes. Patch provided by
         David Jencks. (markt)
       </fix>



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message