svn commit: r1348499 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/catalina/realm/DataSourceRealm.java java/org/apache/catalina/realm/JDBCRealm.java

[markt]

Author: markt
Date: Sat Jun  9 20:37:14 2012
New Revision: 1348499

URL: http://svn.apache.org/viewvc?rev=1348499&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53047
If the Realm is configured for an authentication only all roles mode and no 
role table or column is defined, don't populate the Principal's roles

Modified:
    tomcat/tc7.0.x/trunk/   (props changed)
    tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/DataSourceRealm.java
    tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JDBCRealm.java

Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
  Merged /tomcat/trunk:r1348498

Modified: 
tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/DataSourceRealm.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/DataSourceRealm.java?rev=1348499&r1=1348498&r2=1348499&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/DataSourceRealm.java 
(original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/DataSourceRealm.java 
Sat Jun  9 20:37:14 2012
@@ -524,6 +524,12 @@ public class DataSourceRealm
     protected ArrayList<String> getRoles(Connection dbConnection,
                                      String username) {
         
+        if (allRolesMode != AllRolesMode.STRICT_MODE && !isRoleStoreDefined()) 
{
+            // Using an authentication only configuration and no role store has
+            // been defined so don't spend cycles looking
+            return null;
+        }
+
         ResultSet rs = null;
         PreparedStatement stmt = null;
         ArrayList<String> list = null;
@@ -603,8 +609,13 @@ public class DataSourceRealm
 
     }
 
-    // ------------------------------------------------------ Lifecycle Methods
 
+    private boolean isRoleStoreDefined() {
+        return userRoleTable != null || roleNameCol != null;
+    }
+
+
+    // ------------------------------------------------------ Lifecycle Methods
 
     /**
      * Prepare for the beginning of active use of the public methods of this

Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JDBCRealm.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JDBCRealm.java?rev=1348499&r1=1348498&r2=1348499&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JDBCRealm.java 
(original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JDBCRealm.java Sat Jun  
9 20:37:14 2012
@@ -615,6 +615,12 @@ public class JDBCRealm
      */
     protected ArrayList<String> getRoles(String username) {
         
+        if (allRolesMode != AllRolesMode.STRICT_MODE && !isRoleStoreDefined()) 
{
+            // Using an authentication only configuration and no role store has
+            // been defined so don't spend cycles looking
+            return null;
+        }
+
         PreparedStatement stmt = null;
         ResultSet rs = null;
 
@@ -674,8 +680,7 @@ public class JDBCRealm
             numberOfTries--;
         }
         
-        return (null);
-        
+        return null;
     }
     
     
@@ -762,8 +767,12 @@ public class JDBCRealm
     }
 
 
-    // ------------------------------------------------------ Lifecycle Methods
+    private boolean isRoleStoreDefined() {
+        return userRoleTable != null || roleNameCol != null;
+    }
+
 
+    // ------------------------------------------------------ Lifecycle Methods
 
     /**
      * Prepare for the beginning of active use of the public methods of this



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org