Merge pull request #147 from SawamiWataru/1.6.4-hotfix

Emergency bug fix for 1.6.4 release.
personium · Feb 20, 2018 · f9db705 · f9db705
2 parents d62f879 + a08c9fc
commit f9db705
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/src/main/java/io/personium/core/auth/AccessContext.java b/src/main/java/io/personium/core/auth/AccessContext.java
@@ -755,6 +755,7 @@ private static AccessContext createBearerAuthz(String authzHeaderValue, Cell cel
                         null, tca.getIssuer());
                 String cellContentsAdminUrl = cellContentsAdminRole.createUrl();
 
+                String unitUserRole = null;
                 for (Role role : roles) {
                     String roleUrl = role.createUrl();
                     if (unitAdminRoleUrl.equals(roleUrl)) {
@@ -765,15 +766,16 @@ private static AccessContext createBearerAuthz(String authzHeaderValue, Cell cel
                             // If there is an X-Personium-UnitUser header, UnitUser
                             ret.subject = xPersoniumUnitUser;
                         }
-                    } else if (cellContentsReaderUrl.equals(roleUrl) && ret.unitUserRole == null) {
+                    } else if (cellContentsReaderUrl.equals(roleUrl) && unitUserRole == null) {
                         // If roles are not set, set the CellContentsReader role.
                         // To preferentially set the CellContentsAdmin role.
-                        ret.unitUserRole = ROLE_CELL_CONTENTS_READER;
+                        unitUserRole = ROLE_CELL_CONTENTS_READER;
                     } else if (cellContentsAdminUrl.equals(roleUrl)) {
                         // Set the CellContentsAdmin role.
-                        ret.unitUserRole = ROLE_CELL_CONTENTS_ADMIN;
+                        unitUserRole = ROLE_CELL_CONTENTS_ADMIN;
                     }
                 }
+                ret.unitUserRole = unitUserRole;
 
                 // ユニットユーザトークンはスキーマ認証関係無いのでここで復帰
                 return ret;