svn commit: r1494930 - /tomcat/trunk/java/org/apache/catalina/core/StandardContext.java

Thu, 20 Jun 2013 04:18:18 -0700 

Author: markt
Date: Thu Jun 20 11:17:51 2013
New Revision: 1494930

URL: http://svn.apache.org/r1494930
Log:
Another copy/paste error
Also need to protect any remaining patterns with only omitted methods.

Modified:
    tomcat/trunk/java/org/apache/catalina/core/StandardContext.java

Modified: tomcat/trunk/java/org/apache/catalina/core/StandardContext.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/StandardContext.java?rev=1494930&r1=1494929&r2=1494930&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/core/StandardContext.java (original)
+++ tomcat/trunk/java/org/apache/catalina/core/StandardContext.java Thu Jun 20 
11:17:51 2013
@@ -5473,7 +5473,44 @@ public class StandardContext extends Con
                             "standardContext.uncoveredHttpOmittedMethodFix",
                             pattern, msg.toString().trim()));
                     SecurityCollection collection = new SecurityCollection();
-                    for (String method : methods) {
+                    for (String method : omittedMethods) {
+                        collection.addMethod(method);
+                    }
+                    collection.addPattern(pattern);
+                    collection.setName("deny-uncovered-http-methods");
+                    SecurityConstraint constraint = new SecurityConstraint();
+                    constraint.setAuthConstraint(true);
+                    constraint.addCollection(collection);
+                    addConstraint(constraint);
+                } else {
+                    log.error(sm.getString(
+                            "standardContext.uncoveredHttpOmittedMethod",
+                            pattern, msg.toString().trim()));
+                }
+            }
+        }
+        for (Map.Entry<String, Set<String>> entry :
+                urlOmittedMethodMap.entrySet()) {
+            String pattern = entry.getKey();
+            if (coveredPatterns.contains(pattern)) {
+                // Fully covered. Ignore any partial coverage
+                continue;
+            }
+
+            Set<String> omittedMethods = entry.getValue();
+
+            if (omittedMethods.size() > 0) {
+                StringBuilder msg = new StringBuilder();
+                for (String method : omittedMethods) {
+                    msg.append(method);
+                    msg.append(' ');
+                }
+                if (getDenyUncoveredHttpMethods()) {
+                    log.info(sm.getString(
+                            "standardContext.uncoveredHttpOmittedMethodFix",
+                            pattern, msg.toString().trim()));
+                    SecurityCollection collection = new SecurityCollection();
+                    for (String method : omittedMethods) {
                         collection.addMethod(method);
                     }
                     collection.addPattern(pattern);



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to