commit 2d69fde135302e8cff984bb2131ec69f2e396964
Author: Mark Thomas <markt@apache.org>
Date: Tue Feb 6 11:41:16 2018 +0000
git-svn-id: https://svn.apache.org/repos/asf/tomcat/tc7.0.x/trunk@1823309 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/java/org/apache/catalina/realm/RealmBase.java b/java/org/apache/catalina/realm/RealmBase.java
index 2098c2e8cc..9697440d35 100644
--- java/org/apache/catalina/realm/RealmBase.java
+++ java/org/apache/catalina/realm/RealmBase.java
@@ -688,9 +688,9 @@ public abstract class RealmBase extends LifecycleMBeanBase implements Realm {
// Check each defined security constraint
String uri = request.getRequestPathMB().toString();
- // Bug47080 - in rare cases this may be null
+ // Bug47080 - in rare cases this may be null or ""
// Mapper treats as '/' do the same to prevent NPE
- if (uri == null) {
+ if (uri == null || uri.length() == 0) {
uri = "/";
}
@@ -722,7 +722,8 @@ public abstract class RealmBase extends LifecycleMBeanBase implements Realm {
}
for(int k=0; k < patterns.length; k++) {
- if(uri.equals(patterns[k])) {
+ // Exact match including special case for the context root.
+ if(uri.equals(patterns[k]) || patterns[k].length() == 0 && uri.equals("/")) {
found = true;
if(collection[j].findMethod(method)) {
if(results == null) {
diff -up webapps/docs/changelog.xml.orig webapps/docs/changelog.xml
--- webapps/docs/changelog.xml.orig 2019-02-28 15:11:59.735767416 -0500
+++ webapps/docs/changelog.xml 2019-02-28 15:12:23.805697236 -0500
@@ -64,6 +64,10 @@
When generating a redirect to a directory in the Default Servlet, avoid
generating a protocol relative redirect. (markt)
</fix>
+ <fix>
+ <bug>62067</bug>: Correctly apply security constraints mapped to the
+ context root using a URL pattern of <code>""</code>. (markt)
+ </fix>
</changelog>
</subsection>
</section>