405535 Implement Request.isUserInRole(role) check security-role-refs defaulting to security-role if no matching ref

2013-04-15 18:23:32 +10:00 · 2013-04-15 18:23:32 +10:00 · 6020321845
parent 1092201341
commit 6020321845
1 changed files with 12 additions and 3 deletions
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultUserIdentity.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultUserIdentity.java
@ -55,11 +55,20 @@ public class DefaultUserIdentity implements UserIdentity

    public boolean isUserInRole(String role, Scope scope)
    { 
+        //Servlet Spec 3.1, pg 125
+        if ("*".equals(role))
+            return false;
+        
+        String roleToTest = null;
        if (scope!=null && scope.getRoleRefMap()!=null)
-            role=scope.getRoleRefMap().get(role);
+            roleToTest=scope.getRoleRefMap().get(role);
+
+        //Servlet Spec 3.1, pg 125
+        if (roleToTest == null)
+            roleToTest = role;
       
        for (String r :_roles)
-            if (r.equals(role))
+            if (r.equals(roleToTest))
                return true;
        return false;
    }