[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[jetty-dev] Fix to ConstraintSecurityHandler

Hi David,

I've checked in a small fix to the ConstraintSecurityHandler class,
jetty eclipse svn rev 149.

A web security constraint specifying particular methods was resulting
in null being returned from prepareConstraintInfo(), thus the authentication
was never triggered.

The web.xml was:


    <realm-name>Foo Realm</realm-name>


Looks like a simple bug, and this is my fix:
             String httpMethod = request.getMethod();
             RoleInfo roleInfo = mappings.get(httpMethod);
             if (roleInfo == null)
-            {
                 roleInfo = mappings.get(null);
-                if (roleInfo != null)
-                {
-                    return roleInfo;
-                }
-            }
+            return roleInfo;
         return null;

Just wanted to run it past you to make sure there's not something
I've missed.

Oh, and I modified the ConstraintTest just a little as well to
include a test for specifying a http method in the constraints.

Jan Bartel, Webtide LLC | janb@xxxxxxxxxxx | http://www.webtide.com