PrincipalCollection not allowing duplicate elements

[drmike01 <ms...@gmail.com>]

Based on what I've read in the documentation about PrincipalCollections, they
should be able to accept multiple identical elements, however I discovered
that this was not the case. Based on what I could see of the Shiro code, it
looked like it should work because everything underneath was Lists, but it
did not.

As background, I have my own Realm implementation, where I overrode the
doGetAuthenticationInfo and getPasswordForUser methods. My
doGetAuthenticationInfo returns a SimpleAuthenticationInfo instance, which I
create using a PrincipalCollection, pwd, and realm name.  For a number of
reasons I won't go into here, my PrincipalCollection had two elements, a
username as their primary Principal (which was the user's email) and their
internal ID (an integer). I previously could add those to the
PrincipalCollection, and later on when I needed to access them, everything
worked fine when I pulled those Principals back out from a Subject.

I was adding in authorization to the app, and given that a user's role never
really changes and my roles are really simple, I was going to use the same
approach to putting in the role in the PrincipalCollection, rather than
implementing the Authorization code in Shiro (primarily to avoid the DB hits
every time I was checking authorization).  The role ID is also an integer.

Through a complete fluke, both my user ID and the role ID I was testing out
were the same (2). When I implemented the above changes in my code, it would
not work at the point where I was pulling the Principals back out from the
Subject, giving me an error that the Iterator didn't have a 3rd element to
it. After lacing the code with debug statements, I could verify that
everything was working except when I went to pull it back out.  I even
tested the PrincipalCollection.add return result to verify that it was true
for the 3rd element.

Shiro itself logs the following, though, and this was most interesting:
DEBUG org.apache.shiro.realm.AuthenticatingRealm .getAuthenticationInfo:569
- Looked up AuthenticationInfo [email_address_redacted,2] from
doGetAuthenticationInfo
This section of code logs the PrincipalCollection, and it was obvious that
it only had 2 elements, despite me putting three in.

I then proceeded to change the third element to be a string, which I knew
wouldn't conflict with either of the first two, on the hunch that it was not
allowing the duplicate 2's to go in.  Sure enough, after I did this it
worked fine, and the log showed the three elements.

Anyway, I thought I'd pass this along, as it doesn't seem to work as
documented. I got mine to work, but this seems to be either a bug or
something that should be clarified in the documentation.

--
View this message in context: http://shiro-user.582556.n2.nabble.com/PrincipalCollection-not-allowing-duplicate-elements-tp7577521.html
Sent from the Shiro User mailing list archive at Nabble.com.