From c6c6ba37f0770fb76df84a059417c95ab51e5585 Mon Sep 17 00:00:00 2001
From: markt <markt@13f79535-47bb-0310-9956-ffa450edef68>
Date: Sat, 29 Mar 2008 14:48:24 +0000
Subject: [PATCH] https://issues.apache.org/bugzilla/show_bug.cgi?id=44529 No
 roles (deny all) trumps no auth-constraint (allow all)

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@642542 13f79535-47bb-0310-9956-ffa450edef68
---
 java/org/apache/catalina/realm/RealmBase.java | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/java/org/apache/catalina/realm/RealmBase.java b/java/org/apache/catalina/realm/RealmBase.java
index 39c01ef73..603e81b34 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -776,17 +776,16 @@ public abstract class RealmBase
                         log.debug("No roles ");
                     status = false; // No listed roles means no access at all
                     denyfromall = true;
+                    break;
                 } else {
                     if(log.isDebugEnabled())
                         log.debug("Passing all access");
-                    return (true);
+                    status = true;
                 }
             } else if (principal == null) {
                 if (log.isDebugEnabled())
                     log.debug("  No user authenticated, cannot grant access");
-                status = false;
-            } else if(!denyfromall) {
-
+            } else {
                 for (int j = 0; j < roles.length; j++) {
                     if (hasRole(principal, roles[j]))
                         status = true;
@@ -796,7 +795,8 @@ public abstract class RealmBase
             }
         }
 
-        if (allRolesMode != AllRolesMode.STRICT_MODE && !status && principal != null) {
+        if (!denyfromall && allRolesMode != AllRolesMode.STRICT_MODE &&
+                !status && principal != null) {
             if (log.isDebugEnabled()) {
                 log.debug("Checking for all roles mode: " + allRolesMode);
             }
-- 
2.11.0