--- experimental/server/ACL/ACL.java 2001/12/31 19:25:39 1.10
+++ experimental/server/ACL/ACL.java 2002/01/06 23:32:27 1.11
@@ -17,7 +17,7 @@ import java.io.Serializable;
 * the relevant check method.
 *
 * @author $Author: tdb $
- * @version $Id: ACL.java,v 1.10 2001/12/31 19:25:39 tdb Exp $
+ * @version $Id: ACL.java,v 1.11 2002/01/06 23:32:27 tdb Exp $
 */
 public class ACL implements Serializable {
 
@@ -26,7 +26,7 @@ public class ACL implements Serializable {
 /**
 * The current CVS revision of this class
 */
- public static final String REVISION = "$Revision: 1.10 $";
+ public static final String REVISION = "$Revision: 1.11 $";
 
 /**
 * static to be used when adding an ALLOW rule to the ACL.
@@ -171,7 +171,8 @@ public class ACL implements Serializable {
 ACLRule rule = (ACLRule) _acl.get(i);
 if(rule._iprule) {
 // if this is an IP rule do a short comparison
- if(compareShorts(ipaddr, rule._ipaddr)) {
+ // must specify the wildcarded rule first
+ if(compareShorts(rule._ipaddr, ipaddr)) {
 return rule._allow;
 }
 }
@@ -232,7 +233,7 @@ public class ACL implements Serializable {
 ipaddr[i] = Short.parseShort(st.nextToken());
 }
 catch(NumberFormatException e) {
- // do nothing?
+ // do nothing...
 // we just want to leave it as -1
 // -- actually, maybe we want to do more checks in here?
 // although in this code context it'll probably be ok,
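Review bot: The new comment above `compareShorts(rule._ipaddr, ipaddr)` says which order to use but not why, and after this commit the order decides whether a rule matches. Only the first argument's -1 entries are wildcards now, so I would spell out the reason: `// rule first: only the rule's -1 octets are wildcards; a -1 in the address being checked must never match everything`. How `ipaddr` is produced is outside this hunk, so it is worth confirming that any other caller of compareShorts also passes the rule first. The enclosing loop and method start and end outside the hunk.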
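Review bot: The catch block for NumberFormatException leaves the octet at -1, which is the same value compareShorts treats as a wildcard, so an octet that failed to parse cannot be told apart from a deliberate wildcard. If this parser is used for rule strings (its callers are not visible here), a mistyped octet would silently widen the rule instead of being rejected. I would map only the intended wildcard token to -1 and fail on anything else, and range-check what does parse, e.g. `if (ipaddr[i] < 0 || ipaddr[i] > 255) throw new IllegalArgumentException("invalid octet in address");`, since `Short.parseShort` accepts "-1" and values above 255. The method starts and ends outside the hunk.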
@@ -244,12 +245,11 @@ public class ACL implements Serializable {
 }
 
 /**
- * Compares two short arrays. The array can contain a -1, which
- * will always match any value -- it's a wildcard. They must be
- * the same length to match. At the moment the order of the
- * parameters does not matter.
+ * Compares two short arrays. The first array can contain a -1,
+ * which will always match any value -- it's a wildcard.
+ * They must be the same length to match.
 *
- * @param first The first array to compare
+ * @param first The first array to compare (with -1 wildcard if required)
 * @param second The second array to compare
 * @result the result of the comparison
 */
@@ -258,8 +258,7 @@ public class ACL implements Serializable {
 return false;
 }
 for(int i=0; i < first.length; i++) {
- // -- might want to consider specify which is the wildcard one?
- if(first[i] == -1 || second[i] == -1) {
+ if(first[i] == -1) {
 continue;
 }
 if(first[i] != second[i]) {
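Review bot: The Javadoc touched here still ends with `@result`, which is not a Javadoc tag, so the return value is left undocumented in generated docs; it should be `@return whether the arrays match, treating -1 in first as a wildcard`. The `@param second` line would also benefit from stating the other half of the new contract, for example `@param second The array to test; a -1 here is compared literally and is not a wildcard`. The comparison is now asymmetric, so a caller who reads only the parameter names `first` and `second` has no hint that swapping them changes the access decision.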
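Review bot: The wildcard is still the bare literal in `if(first[i] == -1) {`, and the same -1 is used by the address parser as its "leave it unset" value, so the two meanings are tied together only by convention. A named constant such as `private static final short WILDCARD = -1;` used in both places would make that coupling visible and keep a future change to one side from quietly altering matching. The loop body and the rest of the method continue outside the hunk.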