From cd6ca38176de3e4d5c822d14c347f07de1ec1493 Mon Sep 17 00:00:00 2001
From: Flavia Rainone
Date: Thu, 15 Dec 2022 11:25:57 -0300
Subject: [PATCH] [UNDERTOW-2213] Revert "[UNDERTOW-2209] Style and cleanup changes (none of the changes will affect the algorithm workflow)"

This reverts commit f29fcc784766e17d001d5756b5a61f6474818384.

Signed-off-by: Flavia Rainone
---
 .../handlers/security/SecurityPathMatches.java | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/servlet/src/main/java/io/undertow/servlet/handlers/security/SecurityPathMatches.java b/servlet/src/main/java/io/undertow/servlet/handlers/security/SecurityPathMatches.java
index 21438c508e..fe961f2c03 100644
--- a/servlet/src/main/java/io/undertow/servlet/handlers/security/SecurityPathMatches.java
+++ b/servlet/src/main/java/io/undertow/servlet/handlers/security/SecurityPathMatches.java
@@ -190,15 +190,16 @@ private void handleMatch(final String method, final PathSecurityInformation exac
 transport(currentMatch, role.transportGuaranteeType);
 currentMatch.constraints.add(new SingleConstraintMatch(role.emptyRoleSemantic, role.roles));
 }
- } else if (denyUncoveredHttpMethods) {
- if (exact.perMethodRequiredRoles.size() == 0) {
+ } else if(denyUncoveredHttpMethods) {
+ if(exact.perMethodRequiredRoles.size() == 0) {
 // 13.8.4. When HTTP methods are not enumerated within a security-constraint, the protections defined by the
 // constraint apply to the complete set of HTTP (extension) methods.
 currentMatch.uncovered = false;
 currentMatch.constraints.add(new SingleConstraintMatch(SecurityInfo.EmptyRoleSemantic.PERMIT, new HashSet<>()));
- } else {
- //at this point method info is null, but there is match, above if will be triggered for default path, we need to flip it?
- // keep currentMatch.uncovered value as true (this is the value that is initially set)
+ } else if(exact.perMethodRequiredRoles.size() > 0) {
+ //at this point method is null, but there is match, above if will be triggered for default path, we need to flip it?
+ currentMatch.uncovered = true;
+ //NOTE: ? currentMatch.constraints.clear();
 currentMatch.constraints.add(new SingleConstraintMatch(SecurityInfo.EmptyRoleSemantic.DENY, new HashSet<>()));
 }
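Review bot: The restored `else if(exact.perMethodRequiredRoles.size() > 0)` branch makes an authorization decision but documents it only with open questions ("we need to flip it?", "//NOTE: ? currentMatch.constraints.clear();"), so a reader cannot tell why `currentMatch.uncovered = true;` is needed or whether constraints added earlier are meant to stay alongside the DENY entry. The reverted commit described that assignment as merely keeping the initial value, so presumably `uncovered` can already be false when this branch runs (set earlier in `handleMatch` or by a previous match, both outside the hunk); the comment should say so, e.g. `// methods are enumerated for this path but not this one: force uncovered back to true and add a DENY constraint`. Because the condition is the exact complement of the preceding `size() == 0` test, it is also worth stating in that comment that no case falls through without a constraint being added. `handleMatch` starts before and continues after this hunk.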