Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

405535 Implement Request.isUserInRole(role) check security-role-refs defaulting to security-role if no matching ref

This commit is contained in:
Jan Bartel 2013-04-15 18:23:32 +10:00
parent 1092201341
commit 6020321845
1 changed files with 12 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
jetty-security/src/main/java/org/eclipse/jetty/security/DefaultUserIdentity.java
View File

@ -54,12 +54,21 @@ public class DefaultUserIdentity implements UserIdentity
}
public boolean isUserInRole(String role, Scope scope)
{
{
//Servlet Spec 3.1, pg 125
if ("*".equals(role))
return false;
String roleToTest = null;
if (scope!=null && scope.getRoleRefMap()!=null)
role=scope.getRoleRefMap().get(role);
roleToTest=scope.getRoleRefMap().get(role);
//Servlet Spec 3.1, pg 125
if (roleToTest == null)
roleToTest = role;
for (String r :_roles)
if (r.equals(role))
if (r.equals(roleToTest))
return true;
return false;
}