diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultUserIdentity.java b/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultUserIdentity.java
index 28b0cb3a44c..dd12b1d9118 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultUserIdentity.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultUserIdentity.java
@@ -54,13 +54,19 @@ public class DefaultUserIdentity implements UserIdentity
}
public boolean isUserInRole(String role, Scope scope)
- {
+ {
if (scope!=null && scope.getRoleRefMap()!=null)
- role=scope.getRoleRefMap().get(role);
-
+ {
+ String mappedRole = scope.getRoleRefMap().get(role);
+ if (mappedRole != null)
+ role = mappedRole;
+ }
+
for (String r :_roles)
+ {
if (r.equals(role))
return true;
+ }
return false;
}
diff --git a/tests/test-webapps/test-servlet-spec/test-spec-webapp/src/main/java/com/acme/RoleAnnotationTest.java b/tests/test-webapps/test-servlet-spec/test-spec-webapp/src/main/java/com/acme/RoleAnnotationTest.java
index 303f35ca6ca..d16b7373a46 100644
--- a/tests/test-webapps/test-servlet-spec/test-spec-webapp/src/main/java/com/acme/RoleAnnotationTest.java
+++ b/tests/test-webapps/test-servlet-spec/test-spec-webapp/src/main/java/com/acme/RoleAnnotationTest.java
@@ -75,7 +75,7 @@ public class RoleAnnotationTest extends HttpServlet
result = request.isUserInRole("manager");
out.println("
Result: isUserInRole(\"manager\")="+result+":"+ (result?" PASS":" FAIL")+"");
result = request.isUserInRole("user");
- out.println("
Result: isUserInRole(\"user\")="+result+":"+ (result==false?" PASS":" FAIL")+"");
+ out.println("
Result: isUserInRole(\"user\")="+result+":"+ (result?" PASS":" FAIL")+"");
String context = _config.getServletContext().getContextPath();
if (!context.endsWith("/"))
context += "/";