Posted to dev@shiro.apache.org by "Les Hazlewood (JIRA)" <ji...@apache.org> on 2012/10/30 02:36:12 UTC
[jira] [Commented] (SHIRO-380) runAs feature (still) doesn't work
[ https://issues.apache.org/jira/browse/SHIRO-380?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13486592#comment-13486592 ]
Les Hazlewood commented on SHIRO-380:
-------------------------------------
Jochen and Elijah, thanks for your help!!! Jochen, the sample web app was a HUGE help, I wish all bug reports had one of these :) Great stuff!
I just committed a hotfix for this using a sneaky bit of reflection to ensure point-version forwards and backwards compatibility (new non-private fields, constants and methods can only be introduced during minor point revision releases, i.e. 1.2 -> 1.3, but not 1.2.1 -> 1.2.2).
I tested with Jochen's web app and all appears to be well.
Jochen, I also added another action to your servlet, "pop", i.e. localhost:8080/shiro380/login?action=pop which calls subject.releaseRunAs();
This allowed me to action=runas or action=runas2 as many times as I wanted. Each action=pop request would pop the stack and, when depleted, would return the original Subject principals as expected. This would have been a bit harder to test without your webapp - thanks again!
For those following along, if you're willing, please try the latest 1.2.x branch (1.2.2-SNAPSHOT) and feel free to test it out.
Thanks again,
Les
> runAs feature (still) doesn't work
> ----------------------------------
>
> Key: SHIRO-380
> URL: https://issues.apache.org/jira/browse/SHIRO-380
> Project: Shiro
> Issue Type: Bug
> Components: Realms
> Affects Versions: 1.2.1
> Reporter: Jochen Munz
> Assignee: Les Hazlewood
> Labels: principal, shiro, subject
> Attachments: SHIRO-380-patch1.diff, shiro_380_webapp.tgz
>
>
> Right after SecurityUtils.getSubject().runAs(new SimplePrincipalCollection(){...})
> SecurityUtils.getSubject().getPrincipal() returns the correct new Principal
> SecurityUtils.getSubject().getPreviousPrincipals() returns the correct original Principal
> but DefaultSubjectDAO merges principals in the method
>     protected void mergePrincipals(Subject subject) {
>         PrincipalCollection currentPrincipals = subject.getPrincipals();
>         ...
>         if (session == null) {
>             ...
>         } else {
>             PrincipalCollection existingPrincipals = (PrincipalCollection) session.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
>             if (CollectionUtils.isEmpty(currentPrincipals)) {
>                 ...
>             } else {
>                 if (!currentPrincipals.equals(existingPrincipals)) {
>                     session.setAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY, currentPrincipals);
>                 }
>             }
>         }
>     }
> and after that
> SecurityUtils.getSubject().getPrincipal() and SecurityUtils.getSubject().getPreviousPrincipals() both return the new Principal - this is wrong behavior
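A regression check for the sequence described in the comment above (runas, runas2, then pop until the stack is empty), added here as an example and not taken from the Shiro code base or from the attached web app. It needs only shiro-core on the classpath; the class name, the in-memory accounts and the realm name `demo` are constructed, and rebuilding the Subject from the session id stands in for successive web requests.

```java
import java.io.Serializable;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;

// Added example (hypothetical class name); accounts and realm name are constructed.
public class RunAsStackCheck {
    static DefaultSecurityManager sm;
    static Serializable sessionId;
    // Rebuild the Subject from the session, as happens at the start of each web request.
    static Subject request() {
        return new Subject.Builder(sm).sessionId(sessionId).buildSubject();
    }

    static void expect(String step, String current, String previous) {
        // Build twice: the first build passes through the save/merge step quoted in the
        // report, the second reads back whatever that step left in the session.
        request();
        Subject s = request();
        PrincipalCollection prev = s.getPreviousPrincipals();
        Object gotPrev = (prev == null) ? null : prev.getPrimaryPrincipal();
        boolean ok = current.equals(s.getPrincipal())
                && (previous == null ? gotPrev == null : previous.equals(gotPrev))
                && s.isRunAs() == (previous != null);
        System.out.printf("%-12s current=%s previous=%s %s%n", step, s.getPrincipal(), gotPrev, ok ? "OK" : "FAIL");
        if (!ok) throw new AssertionError(step);
    }

    public static void main(String[] args) {
        SimpleAccountRealm realm = new SimpleAccountRealm();
        realm.addAccount("alice", "secret");
        sm = new DefaultSecurityManager(realm);
        Subject alice = new Subject.Builder(sm).buildSubject();
        alice.login(new UsernamePasswordToken("alice", "secret"));
        sessionId = alice.getSession().getId();
        expect("login", "alice", null);
        request().runAs(new SimplePrincipalCollection("bob", "demo"));    // action=runas
        expect("runAs bob", "bob", "alice");
        request().runAs(new SimplePrincipalCollection("carol", "demo"));  // action=runas2
        expect("runAs carol", "carol", "bob");
        request().releaseRunAs();                                         // action=pop
        expect("pop 1", "bob", "alice");
        request().releaseRunAs();                                         // action=pop
        expect("pop 2", "alice", null);
    }
}
```

A step that prints FAIL with `previous` equal to `current` matches the symptom in the report: the original identity has been lost from the session.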