shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Les Hazlewood (JIRA)" <j...@apache.org>
Subject [jira] Commented: (SHIRO-156) SimpleAuthenticationInfo.merge does not merge principals if its internal principal collection is not mutable
Date Sat, 15 May 2010 00:49:43 GMT

    [ https://issues.apache.org/jira/browse/SHIRO-156?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12867765#action_12867765
] 

Les Hazlewood commented on SHIRO-156:
-------------------------------------

I think it's ok that the new PrincipalCollection is mutable - it is really there as an aggregation
construct to pull in data from all realms, and to just add to what might exist already.  If
we wanted to create a new immutable PrincipalCollection every time, that would be OK too (and
probably a little safer).  We just don't have an immutable PrincipalCollection implementation
at the moment.

> SimpleAuthenticationInfo.merge does not merge principals if its internal principal collection
is not mutable
> ------------------------------------------------------------------------------------------------------------
>
>                 Key: SHIRO-156
>                 URL: https://issues.apache.org/jira/browse/SHIRO-156
>             Project: Shiro
>          Issue Type: Bug
>          Components: Authentication (log-in)
>    Affects Versions: 0.9
>            Reporter: Bryan Turner
>            Assignee: Kalle Korhonen
>             Fix For: 1.0.0
>
>
> In SimpleAuthenticationInfo.merge(AuthenticationInfo), there is the following code:
> {code}
>         if (this.principals == null) {
>             this.principals = info.getPrincipals();
>         } else {
>             if (this.principals instanceof MutablePrincipalCollection) {
>                 ((MutablePrincipalCollection) this.principals).addAll(info.getPrincipals());
>             } else {
>                 this.principals = new SimplePrincipalCollection(this.principals);
>             }
>         }
> {code}
> The logic in the nested else block appears incorrect. If the current "principals" collection
is not MutablePrincipalCollection, a new SimplePrincipalCollection, which is mutable, is constructed
from it. However, it does not copy the principals from other.getPrincipals(), which by that
point in the method is known to be non-null and non-empty, after it makes a mutable principal
collection.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message