This repository has been archived by the owner on Dec 4, 2018. It is now read-only.

Correctly apply security constraints mapped to the context root using a
URL pattern of ""

git-svn-id: https://svn.apache.org/repos/asf/tomcat/tc8.0.x/trunk@1823308 13f79535-47bb-0310-9956-ffa450edef68
markt-asf committed Feb 6, 2018
1 parent e241ae1 commit 9e700b9
Showing 2 changed files with 8 additions and 3 deletions.
7 changes: 4 additions & 3 deletions java/org/apache/catalina/realm/RealmBase.java
Expand Up @@ -757,9 +757,9 @@ public void backgroundProcess() {

// Check each defined security constraint
String uri = request.getRequestPathMB().toString();
// Bug47080 - in rare cases this may be null
// Bug47080 - in rare cases this may be null or ""
// Mapper treats as '/' do the same to prevent NPE
if (uri == null) {
if (uri == null || uri.length() == 0) {
uri = "/";
}
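Review bot: The comment above the widened check in this hunk still gives "to prevent NPE" as the reason, which only explains the null case; an empty string cannot cause an NPE here, it is being normalised so that the constraint matching further down sees the context root as "/" in both cases. Suggest rewording the comment to say that an empty request path is the context root and is treated as "/" for matching, so a later reader does not take the `uri.length() == 0` test for dead defensive code and remove it. `uri.isEmpty()` would also read more directly than the length comparison.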

Expand Down Expand Up @@ -791,7 +791,8 @@ public void backgroundProcess() {
}

for(int k=0; k < patterns.length; k++) {
if(uri.equals(patterns[k])) {
// Exact match including special case for the context root.
if(uri.equals(patterns[k]) || patterns[k].length() == 0 && uri.equals("/")) {
found = true;
if(collection[j].findMethod(method)) {
if(results == null) {
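Review bot: The new condition `uri.equals(patterns[k]) || patterns[k].length() == 0 && uri.equals("/")` relies on `&&` binding tighter than `||`; it evaluates as intended, but in an authorization check the grouping should be explicit, so please put parentheses around the `patterns[k].length() == 0 && uri.equals("/")` term. Since the earlier hunk rewrites an empty `uri` to "/", this special case is the only way a pattern of "" can match in this loop, and before it a constraint declared on the context root was never found here. The commit changes only RealmBase.java and changelog.xml, so nothing pins this behaviour; a regression test that declares a constraint with a URL pattern of "" and requests the context root both with an empty path and with "/" would be worth adding alongside.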
4 changes: 4 additions & 0 deletions webapps/docs/changelog.xml
Expand Up @@ -69,6 +69,10 @@
rather than the user facing Principal object as Tomcat requires the
internal object to correctly process later authorization checks. (markt)
</fix>
<fix>
<bug>62067</bug>: Correctly apply security constraints mapped to the
context root using a URL pattern of <code>&quot;&quot;</code>. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Other">
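Review bot: The new `<fix>` entry for bug 62067 says the constraints are now applied "correctly" but does not say what happened before, which is what an administrator reading the changelog needs in order to judge exposure. Suggest stating the prior behaviour in the entry, namely that a security constraint mapped to the context root with a URL pattern of `""` was not matched, so that deployments relying on such a constraint can see that this is an access-control fix and not a cosmetic one.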
