shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dan Finkelstein (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SHIRO-344) runAs feature doesn't work
Date Thu, 22 Mar 2012 18:26:22 GMT

    [ https://issues.apache.org/jira/browse/SHIRO-344?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13235844#comment-13235844
] 

Dan Finkelstein commented on SHIRO-344:
---------------------------------------

When trying to upgrade to 1.2, I came across a similar issue.  Hopefully, this will help track
down the issue.

My app invokes runAs() on a subject (so that an admin can become a user).  Then, later when
the subject wishes revert to "as before", I invoke releaseRunAs() but it has no effect under
1.2.  The subject remains unchanged.

                
> runAs feature doesn't work
> --------------------------
>
>                 Key: SHIRO-344
>                 URL: https://issues.apache.org/jira/browse/SHIRO-344
>             Project: Shiro
>          Issue Type: Bug
>          Components: Realms 
>    Affects Versions: 1.2.0
>            Reporter: yourik
>              Labels: principal,, shiro,, subject
>             Fix For: 1.2.1
>
>
> Right after SecurityUtils.getSubject().runAs(new new SimplePrincipalCollection(){...})
> SecurityUtils.getSubject().getPrincipal() returns correct new Principal
> SecurityUtils.getSubject()..getPreviousPrincipals() returns correct original Principal
> but DefaultSubjectDAO merge principals in method
> protected void mergePrincipals(Subject subject) {
>   PrincipalCollection currentPrincipals = subject.getPrincipals();
>   ...
>   if (session == null) {
>   ...
>   } else {
>     PrincipalCollection existingPrincipals = (PrincipalCollection) session.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
>     if (CollectionUtils.isEmpty(currentPrincipals)) {
>       ...
>     } else {
>        if (!currentPrincipals.equals(existingPrincipals)) {
>             session.setAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY, currentPrincipals);
>       }
>    }
> }
> and after that
> SecurityUtils.getSubject().getPrincipal() and SecurityUtils.getSubject().getPreviousPrincipals()
both returns new Principal - this is wrong behavior

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message