[UNDERTOW-1997] Corrected handling of security constraints with URL pattern '/'

Kevin Wimmer · fl4via · commit e2b1e68eed11 · 2022-08-11T02:45:41.000-03:00
diff --git a/servlet/src/main/java/io/undertow/servlet/handlers/security/SecurityPathMatches.java b/servlet/src/main/java/io/undertow/servlet/handlers/security/SecurityPathMatches.java
@@ -139,6 +139,14 @@ public SecurityPathMatch getSecurityInfo(final String path, final String method)
             handleMatch(method, extensionMatch, currentMatch);
             return new SecurityPathMatch(currentMatch.type, mergeConstraints(currentMatch));
         }
+
+        // if nothing else, check for security info defined for URL pattern '/'
+        match = exactPathRoleInformation.get("/");
+        if (match != null) {
+            handleMatch(method, match, currentMatch);
+            return new SecurityPathMatch(currentMatch.type, mergeConstraints(currentMatch));
+        }
+
         return new SecurityPathMatch(currentMatch.type, mergeConstraints(currentMatch));
     }
 

Original file line number	Diff line number	Diff line change
`@@ -139,6 +139,14 @@ public SecurityPathMatch getSecurityInfo(final String path, final String method)`
`139`	`139`	`handleMatch(method, extensionMatch, currentMatch);`
`140`	`140`	`return new SecurityPathMatch(currentMatch.type, mergeConstraints(currentMatch));`
`141`	`141`	`}`
	`142`	`+`
	`143`	`+ // if nothing else, check for security info defined for URL pattern '/'`
	`144`	`+ match = exactPathRoleInformation.get("/");`
	`145`	`+ if (match != null) {`
	`146`	`+ handleMatch(method, match, currentMatch);`
	`147`	`+ return new SecurityPathMatch(currentMatch.type, mergeConstraints(currentMatch));`
	`148`	`+ }`
	`149`	`+`
`142`	`150`	`return new SecurityPathMatch(currentMatch.type, mergeConstraints(currentMatch));`
`143`	`151`	`}`
`144`	`152`