Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
…3309 13f79535-47bb-0310-9956-ffa450edef68
  • Loading branch information
markt-asf committed Feb 6, 2018
1 parent 67e8c72 commit 2d69fde
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 3 deletions.
7 changes: 4 additions & 3 deletions java/org/apache/catalina/realm/RealmBase.java
Original file line number Diff line number Diff line change
Expand Up @@ -688,9 +688,9 @@ public void backgroundProcess() {

// Check each defined security constraint
String uri = request.getRequestPathMB().toString();
// Bug47080 - in rare cases this may be null
// Bug47080 - in rare cases this may be null or ""
// Mapper treats as '/' do the same to prevent NPE
if (uri == null) {
if (uri == null || uri.length() == 0) {
uri = "/";
}

Expand Down Expand Up @@ -722,7 +722,8 @@ public void backgroundProcess() {
}

for(int k=0; k < patterns.length; k++) {
if(uri.equals(patterns[k])) {
// Exact match including special case for the context root.
if(uri.equals(patterns[k]) || patterns[k].length() == 0 && uri.equals("/")) {
found = true;
if(collection[j].findMethod(method)) {
if(results == null) {
Expand Down
4 changes: 4 additions & 0 deletions webapps/docs/changelog.xml
Original file line number Diff line number Diff line change
Expand Up @@ -82,6 +82,10 @@
rather than the user facing Principal object as Tomcat requires the
internal object to correctly process later authorization checks. (markt)
</fix>
<fix>
<bug>62067</bug>: Correctly apply security constraints mapped to the
context root using a URL pattern of <code>&quot;&quot;</code>. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Other">
Expand Down

0 comments on commit 2d69fde

Please sign in to comment.