markt-asf commented on a change in pull request #186: BZ 63636:
Context#findRoleMapping() never called in RealmBase#hasRole()
URL: https://github.com/apache/tomcat/pull/186#discussion_r311725976
##########
File path: java/org/apache/catalina/realm/RealmBase.java
##########
@@ -928,6 +928,15 @@ public boolean hasRole(Wrapper wrapper, Principal
principal, String role) {
}
}
+ // Check for a role alias/mapping defined on context level
+ if (getContainer() instanceof Context) {
+ Context context = (Context) getContainer();
+ String realRole = context.findRoleMapping(role);
Review comment:
`findSecurityReference()` != `findSecurityReferences()`
`findSecurityReference()` is the method that tries to map a single role and
should be changed.
`findSecurityReferences()` is closer to a getter for the current settings
for the Wrapper and should be unchanged.
So:
```
@Override
public String findSecurityReference(String name) {
String reference;
// First check the Wrapper
referencesLock.readLock().lock();
try {
reference = references.get(name);
} finally {
referencesLock.readLock().unlock();
}
// If not specified on the Wrapper, check the Context
if (reference == null && getParent() instanceof Context) {
reference = ((Context) getParent()).findRoleMapping(name);
}
return reference;
}
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
