You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Les Hazlewood (JIRA)" <ji...@apache.org> on 2012/10/30 23:12:12 UTC

[jira] [Resolved] (SHIRO-380) runAs feature (still) doesn't work

     [ https://issues.apache.org/jira/browse/SHIRO-380?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Les Hazlewood resolved SHIRO-380.
---------------------------------

       Resolution: Fixed
    Fix Version/s: 1.3.0
                   1.2.2

Fixed in the 1.2.x branch (with test cases) and ported to trunk (1.3.0-SNAPSHOT).  Thanks to Jochen and Elijah for their debugging help!

If there are any further issues related to this prior to a 1.2.2 and/or 1.3.0 release, please re-open this issue.
                
> runAs feature (still) doesn't work
> ----------------------------------
>
>                 Key: SHIRO-380
>                 URL: https://issues.apache.org/jira/browse/SHIRO-380
>             Project: Shiro
>          Issue Type: Bug
>          Components: Realms 
>    Affects Versions: 1.2.1
>            Reporter: Jochen Munz
>            Assignee: Les Hazlewood
>              Labels: principal,, shiro,, subject
>             Fix For: 1.2.2, 1.3.0
>
>         Attachments: SHIRO-380-patch1.diff, shiro_380_webapp.tgz
>
>
> Right after SecurityUtils.getSubject().runAs(new new SimplePrincipalCollection(){...})
> SecurityUtils.getSubject().getPrincipal() returns correct new Principal
> SecurityUtils.getSubject()..getPreviousPrincipals() returns correct original Principal
> but DefaultSubjectDAO merge principals in method
> protected void mergePrincipals(Subject subject) {
>   PrincipalCollection currentPrincipals = subject.getPrincipals();
>   ...
>   if (session == null) {
>   ...
>   } else {
>     PrincipalCollection existingPrincipals = (PrincipalCollection) session.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
>     if (CollectionUtils.isEmpty(currentPrincipals)) {
>       ...
>     } else {
>        if (!currentPrincipals.equals(existingPrincipals)) {
>             session.setAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY, currentPrincipals);
>       }
>    }
> }
> and after that
> SecurityUtils.getSubject().getPrincipal() and SecurityUtils.getSubject().getPreviousPrincipals() both returns new Principal - this is wrong behavior

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira