You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Jochen Munz (JIRA)" <ji...@apache.org> on 2012/08/07 16:52:08 UTC
[jira] [Updated] (SHIRO-380) runAs feature (still) doesn't work
[ https://issues.apache.org/jira/browse/SHIRO-380?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jochen Munz updated SHIRO-380:
------------------------------
Fix Version/s: (was: 1.2.1)
(was: 1.3.0)
Affects Version/s: (was: 1.2.0)
1.2.1
I have cloned the SHIRO-344 issue, because using shiro 1.2.1, I still experience this issue - the principals get overwritten in the mergePrincipals() method.
Running the runAs() tests for the DelegatingSubject gives me no errors.
Also noteworthy, when entering a second runAs-Level, the previous principals are preserved. It is only on the first runAs level that the previous principal gets overwritten.
When I am using the subclassed SubjectDAO of SHIRO-344 the problem does not occur, runAs works on all levels as expected.
My setup is web-based, maybe this leads to some subtle differences?
> runAs feature (still) doesn't work
> ----------------------------------
>
> Key: SHIRO-380
> URL: https://issues.apache.org/jira/browse/SHIRO-380
> Project: Shiro
> Issue Type: Bug
> Components: Realms
> Affects Versions: 1.2.1
> Reporter: Jochen Munz
> Assignee: Les Hazlewood
> Labels: principal,, shiro,, subject
>
> Right after SecurityUtils.getSubject().runAs(new new SimplePrincipalCollection(){...})
> SecurityUtils.getSubject().getPrincipal() returns correct new Principal
> SecurityUtils.getSubject()..getPreviousPrincipals() returns correct original Principal
> but DefaultSubjectDAO merge principals in method
> protected void mergePrincipals(Subject subject) {
> PrincipalCollection currentPrincipals = subject.getPrincipals();
> ...
> if (session == null) {
> ...
> } else {
> PrincipalCollection existingPrincipals = (PrincipalCollection) session.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
> if (CollectionUtils.isEmpty(currentPrincipals)) {
> ...
> } else {
> if (!currentPrincipals.equals(existingPrincipals)) {
> session.setAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY, currentPrincipals);
> }
> }
> }
> and after that
> SecurityUtils.getSubject().getPrincipal() and SecurityUtils.getSubject().getPreviousPrincipals() both returns new Principal - this is wrong behavior
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira