From 6020321845ee25924ec170bf46ac87883e737991 Mon Sep 17 00:00:00 2001
From: Jan Bartel
Date: Mon, 15 Apr 2013 18:23:32 +1000
Subject: [PATCH] 405535 Implement Request.isUserInRole(role) check security-role-refs defaulting to security-role if no matching ref
---
 .../jetty/security/DefaultUserIdentity.java | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultUserIdentity.java b/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultUserIdentity.java
index 28b0cb3a44c..fcf77d0047c 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultUserIdentity.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultUserIdentity.java
@@ -54,12 +54,21 @@ public class DefaultUserIdentity implements UserIdentity
 }
 
 public boolean isUserInRole(String role, Scope scope)
- {
+ {
+ //Servlet Spec 3.1, pg 125
+ if ("*".equals(role))
+ return false;
+
+ String roleToTest = null;
 if (scope!=null && scope.getRoleRefMap()!=null)
- role=scope.getRoleRefMap().get(role);
+ roleToTest=scope.getRoleRefMap().get(role);
 
+ //Servlet Spec 3.1, pg 125
+ if (roleToTest == null)
+ roleToTest = role;
+
 for (String r :_roles)
- if (r.equals(role))
+ if (r.equals(roleToTest))
 return true;
 return false;
 }
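Review bot: The two `//Servlet Spec 3.1, pg 125` comments in isUserInRole cite a page but not the rule, and the second one sits on an authorization-relevant change: a name with no entry in `scope.getRoleRefMap()` used to become null and match nothing, whereas it is now compared directly against `_roles`. I would state the rules in place, e.g. `// "*" is never a role name: isUserInRole("*") must return false` and `// no security-role-ref for this name: test it as a security-role name`, and give the method a Javadoc describing that lookup order so deployers do not treat the role-ref map as an allow-list. The diffstat shows only this file changed, so a test covering "*", a mapped ref and an unmapped name would be worth adding with the patch. The class body continues outside the hunk, so how `_roles` is populated cannot be checked from here.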