commit 2d69fde135302e8cff984bb2131ec69f2e396964
Author: Mark Thomas
Date: Tue Feb 6 11:41:16 2018 +0000
git-svn-id: https://svn.apache.org/repos/asf/tomcat/tc7.0.x/trunk@1823309 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/java/org/apache/catalina/realm/RealmBase.java b/java/org/apache/catalina/realm/RealmBase.java
index 2098c2e8cc..9697440d35 100644
--- java/org/apache/catalina/realm/RealmBase.java
+++ java/org/apache/catalina/realm/RealmBase.java
@@ -688,9 +688,9 @@ public abstract class RealmBase extends LifecycleMBeanBase implements Realm {
 // Check each defined security constraint
 String uri = request.getRequestPathMB().toString();
- // Bug47080 - in rare cases this may be null
+ // Bug47080 - in rare cases this may be null or ""
 // Mapper treats as '/' do the same to prevent NPE
- if (uri == null) {
+ if (uri == null || uri.length() == 0) {
 uri = "/";
 }
@@ -722,7 +722,8 @@ public abstract class RealmBase extends LifecycleMBeanBase implements Realm {
 }
 for(int k=0; k < patterns.length; k++) {
- if(uri.equals(patterns[k])) {
+ // Exact match including special case for the context root.
+ if(uri.equals(patterns[k]) || patterns[k].length() == 0 && uri.equals("/")) {
 found = true;
 if(collection[j].findMethod(method)) {
 if(results == null) {
diff -up webapps/docs/changelog.xml.orig webapps/docs/changelog.xml
--- webapps/docs/changelog.xml.orig 2019-02-28 15:11:59.735767416 -0500
+++ webapps/docs/changelog.xml 2019-02-28 15:12:23.805697236 -0500
@@ -64,6 +64,10 @@
 When generating a redirect to a directory in the Default Servlet, avoid generating a protocol relative redirect. (markt)
+
+ 62067: Correctly apply security constraints mapped to the
+ context root using a URL pattern of "". (markt)
+
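Review bot: The comment above the widened guard in the first RealmBase.java hunk still gives "to prevent NPE" as the only reason, but the added `uri.length() == 0` case cannot throw. It appears to be there so that a request for the context root is compared as "/" by the constraint matching further down, which the special case in the second hunk relies on. Because this normalisation now decides whether a security constraint applies, the comment should say so, for example `// An empty path is the context root: normalise to "/" so the constraint matching below sees one form`. The enclosing method starts and ends outside the hunk, so whether anything else in it reads the un-normalised path cannot be checked from here.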
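Review bot: The new condition in the second RealmBase.java hunk mixes `||` and `&&` without grouping; Java evaluates it as intended because `&&` binds tighter, but in an authorization check the grouping should be explicit: `if (uri.equals(patterns[k]) || (patterns[k].length() == 0 && uri.equals("/"))) {`. The added clause also dereferences `patterns[k]`, whereas the previous `uri.equals(patterns[k])` tolerated a null entry. The array is populated outside the hunk, so either confirm it can never hold null or write the test as `"".equals(patterns[k])`. No test for the "" pattern is visible in this patch; a regression test asserting that a constraint mapped to "" protects the context root would pin the behaviour the changelog entry describes. The loop and the rest of the method continue outside the hunk.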