shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Les Hazlewood (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (SHIRO-344) runAs feature doesn't work
Date Sun, 22 Jul 2012 01:02:34 GMT

     [ https://issues.apache.org/jira/browse/SHIRO-344?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Les Hazlewood resolved SHIRO-344.
---------------------------------

    Resolution: Fixed
      Assignee: Les Hazlewood

The final fix was to handle this in the DelegatingSubject implementation directly.

The updates to DefaultSubjectDAO were not necessary because the merge logic in that class
ensures that the fields in the Subject instance would be saved in the session if not already
saved.  The runAsPrincipals now always reside in the Session so that isn't necessary.

Please try out 1.2.1-SNAPSHOT or 1.3.0-SNAPSHOT and let us know if you have any problems!
 If you do, feel free to reopen this issue and leave comments as to why it didn't work for
you (the DelegatingSubjectTest class is more robust on its runAs tests, so we should be ok).
                
> runAs feature doesn't work
> --------------------------
>
>                 Key: SHIRO-344
>                 URL: https://issues.apache.org/jira/browse/SHIRO-344
>             Project: Shiro
>          Issue Type: Bug
>          Components: Realms 
>    Affects Versions: 1.2.0
>            Reporter: yourik
>            Assignee: Les Hazlewood
>              Labels: principal,, shiro,, subject
>             Fix For: 1.2.1, 1.3.0
>
>         Attachments: SubjectDAO.java
>
>
> Right after SecurityUtils.getSubject().runAs(new new SimplePrincipalCollection(){...})
> SecurityUtils.getSubject().getPrincipal() returns correct new Principal
> SecurityUtils.getSubject()..getPreviousPrincipals() returns correct original Principal
> but DefaultSubjectDAO merge principals in method
> protected void mergePrincipals(Subject subject) {
>   PrincipalCollection currentPrincipals = subject.getPrincipals();
>   ...
>   if (session == null) {
>   ...
>   } else {
>     PrincipalCollection existingPrincipals = (PrincipalCollection) session.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
>     if (CollectionUtils.isEmpty(currentPrincipals)) {
>       ...
>     } else {
>        if (!currentPrincipals.equals(existingPrincipals)) {
>             session.setAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY, currentPrincipals);
>       }
>    }
> }
> and after that
> SecurityUtils.getSubject().getPrincipal() and SecurityUtils.getSubject().getPreviousPrincipals()
both returns new Principal - this is wrong behavior

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message