From f19421112a90d993514ae20b09a6a95f18d57a2a Mon Sep 17 00:00:00 2001
From: Jan Bartel
Date: Tue, 23 Jul 2013 17:20:55 +1000
Subject: [PATCH] 405535 implement Request.isUserInRole(role) check security-role-refs defaulting to security-role if no matching ref
---
 .../eclipse/jetty/security/DefaultUserIdentity.java | 12 +++++++++---
 .../src/main/java/com/acme/RoleAnnotationTest.java | 2 +-
 2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultUserIdentity.java b/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultUserIdentity.java
index 28b0cb3a44c..dd12b1d9118 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultUserIdentity.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultUserIdentity.java
@@ -54,13 +54,19 @@ public class DefaultUserIdentity implements UserIdentity
 }
 public boolean isUserInRole(String role, Scope scope)
- {
+ {
 if (scope!=null && scope.getRoleRefMap()!=null)
- role=scope.getRoleRefMap().get(role);
-
+ {
+ String mappedRole = scope.getRoleRefMap().get(role);
+ if (mappedRole != null)
+ role = mappedRole;
+ }
+
 for (String r :_roles)
+ {
 if (r.equals(role))
 return true;
+ }
 return false;
 }
diff --git a/tests/test-webapps/test-servlet-spec/test-spec-webapp/src/main/java/com/acme/RoleAnnotationTest.java b/tests/test-webapps/test-servlet-spec/test-spec-webapp/src/main/java/com/acme/RoleAnnotationTest.java
index 303f35ca6ca..d16b7373a46 100644
--- a/tests/test-webapps/test-servlet-spec/test-spec-webapp/src/main/java/com/acme/RoleAnnotationTest.java
+++ b/tests/test-webapps/test-servlet-spec/test-spec-webapp/src/main/java/com/acme/RoleAnnotationTest.java
@@ -75,7 +75,7 @@ public class RoleAnnotationTest extends HttpServlet
 result = request.isUserInRole("manager");
 out.println("
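Review bot: The new fallback in `isUserInRole` (`if (mappedRole != null) role = mappedRole;`) changes an authorization outcome without a comment explaining it: a name with no entry in the role-ref map presumably used to become null and match nothing, and is now compared directly against `_roles`. I would put a comment above that `if`, for example `// no security-role-ref for this name: treat it as a security-role name and check it against the user's roles`, so a later reader does not "fix" the fallback back into a deny. `scope.getRoleRefMap()` is still called twice on the new side; reading it once into a local keeps the null check and the lookup on the same object. The only test touched is the expectation in the webapp servlet, so a unit test on `DefaultUserIdentity` covering the mapped, unmapped and null-scope cases would pin this behaviour.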
Result: isUserInRole(\"manager\")="+result+":"+ (result?" PASS":" FAIL")+"");
 result = request.isUserInRole("user");
- out.println("
Result: isUserInRole(\"user\")="+result+":"+ (result==false?" PASS":" FAIL")+"");
+ out.println("
Result: isUserInRole(\"user\")="+result+":"+ (result?" PASS":" FAIL")+"");
 String context = _config.getServletContext().getContextPath();
 if (!context.endsWith("/")) context += "/";