Diffstat (limited to 'jetty-security/src/main/java/org/eclipse/jetty/security/DefaultUserIdentity.java')
-rw-r--r-- | jetty-security/src/main/java/org/eclipse/jetty/security/DefaultUserIdentity.java | 23 |
1 files changed, 13 insertions, 10 deletions
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultUserIdentity.java b/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultUserIdentity.java index dd12b1d911..52e93ba3dc 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultUserIdentity.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultUserIdentity.java @@ -54,19 +54,22 @@ public class DefaultUserIdentity implements UserIdentity } public boolean isUserInRole(String role, Scope scope) - { - if (scope!=null && scope.getRoleRefMap()!=null) - { - String mappedRole = scope.getRoleRefMap().get(role); - if (mappedRole != null) - role = mappedRole; - } + { + //Servlet Spec 3.1, pg 125 + if ("*".equals(role)) + return false; + String roleToTest = null; + if (scope!=null && scope.getRoleRefMap()!=null) + roleToTest=scope.getRoleRefMap().get(role); + + //Servlet Spec 3.1, pg 125 + if (roleToTest == null) + roleToTest = role; + for (String r :_roles) - { - if (r.equals(role)) + if (r.equals(roleToTest)) return true; - } return false; } |
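Review bot: The new `"*"` guard in isUserInRole tests only the caller-supplied name, so a role-ref entry that maps some other name to `*` still reaches the comparison loop with `roleToTest` equal to `*`. If the intent is that the wildcard never matches as a role, repeat the test after the mapping, e.g. `if ("*".equals(roleToTest)) return false;` just before the loop. Servlet 3.1 also gives `**` a special meaning (any authenticated user) and nothing in this hunk treats it, so it is worth confirming that case is handled by a caller outside the visible lines. The two identical `//Servlet Spec 3.1, pg 125` comments would read better if each stated its rule, for instance `// "*" is never a role name: always false` and `// no role-ref mapping: test the name as given`. The rewritten loop also drops the braces around the `for`/`if` pair, which makes an authorization check easier to misedit later.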