From ae64f2cce40de6120cec5bd049606e2d8a24725a Mon Sep 17 00:00:00 2001
From: punkepa <punkepa@hlag.com>
Date: Wed, 24 Apr 2024 08:58:24 +0200
Subject: [PATCH] Allow two stars as rolename as described in servlet spec

---
 .../java/io/quarkus/undertow/deployment/UndertowBuildStep.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/extensions/undertow/deployment/src/main/java/io/quarkus/undertow/deployment/UndertowBuildStep.java b/extensions/undertow/deployment/src/main/java/io/quarkus/undertow/deployment/UndertowBuildStep.java
index 415204b0d4fc29..1c73a56d2b10dd 100644
--- a/extensions/undertow/deployment/src/main/java/io/quarkus/undertow/deployment/UndertowBuildStep.java
+++ b/extensions/undertow/deployment/src/main/java/io/quarkus/undertow/deployment/UndertowBuildStep.java
@@ -550,7 +550,7 @@ public ServletDeploymentManagerBuildItem build(List<ServletBuildItem> servlets,
                 if (constraint.getAuthConstraint() == null) {
                     // no auth constraint means we permit the empty roles
                     securityConstraint.setEmptyRoleSemantic(PERMIT);
-                } else if (roleNames.size() == 1 && roleNames.contains("*")) {
+                } else if (roleNames.size() == 1 && (roleNames.contains("*") || roleNames.contains("**"))) {
                     securityConstraint.setEmptyRoleSemantic(AUTHENTICATE);
                 } else {
                     securityConstraint.addRolesAllowed(roleNames);