Details
- Bug
- Status: Closed
- Major
- Resolution: Fixed
- 1.2.0
Description
Right after

    SecurityUtils.getSubject().runAs(new SimplePrincipalCollection() {...})

SecurityUtils.getSubject().getPrincipal() returns the correct new Principal and
SecurityUtils.getSubject().getPreviousPrincipals() returns the correct original Principal,
but DefaultSubjectDAO merges principals in the method

    protected void mergePrincipals(Subject subject) {
        PrincipalCollection currentPrincipals = subject.getPrincipals();
        ...
        if (session == null) { ... }
        else {
            PrincipalCollection existingPrincipals = (PrincipalCollection) session.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
            if (CollectionUtils.isEmpty(currentPrincipals)) { ... }
            else {
                if (!currentPrincipals.equals(existingPrincipals)) { ... }
            }
        }
    }

and after that
SecurityUtils.getSubject().getPrincipal() and SecurityUtils.getSubject().getPreviousPrincipals() both return the new Principal - this is wrong behavior.
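
A regression check for the behaviour reported above, written as an added example (not code from the report or from the Shiro project). It rebuilds the Subject from its session several times, which is when DefaultSubjectDAO saves subject state, and verifies that the original identity is still tracked behind the run-as identity. Assumptions: shiro-core on the classpath; the class name, realm name `demoRealm` and the accounts `admin` and `alice` are constructed for the example.

```java
import java.io.Serializable;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;

public class RunAsRegressionCheck {

    static void check(boolean ok, String message) {
        if (!ok) throw new IllegalStateException(message);
    }

    public static void main(String[] args) {
        // Constructed in-memory realm with one account (example data only).
        SimpleAccountRealm realm = new SimpleAccountRealm("demoRealm");
        realm.addAccount("admin", "admin-secret");
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(realm));

        Subject subject = SecurityUtils.getSubject();
        subject.login(new UsernamePasswordToken("admin", "admin-secret"));
        Object original = subject.getPrincipal();

        // Assume the identity "alice"; the run-as stack is kept in the session.
        subject.runAs(new SimplePrincipalCollection("alice", "demoRealm"));
        Serializable sessionId = subject.getSession().getId();

        // Each rebuild stands in for a later request on the same session.
        for (int request = 1; request <= 3; request++) {
            Subject rebuilt = new Subject.Builder().sessionId(sessionId).buildSubject();
            PrincipalCollection previous = rebuilt.getPreviousPrincipals();
            check(rebuilt.isRunAs(), "request " + request + ": run-as state lost");
            check("alice".equals(rebuilt.getPrincipal()),
                    "request " + request + ": wrong run-as principal");
            check(previous != null && original.equals(previous.getPrimaryPrincipal()),
                    "request " + request + ": original principal overwritten");
        }

        // Releasing run-as must restore the original identity.
        Subject last = new Subject.Builder().sessionId(sessionId).buildSubject();
        last.releaseRunAs();
        check(original.equals(last.getPrincipal()), "original identity not restored");
        System.out.println("run-as identity tracking intact");
    }
}
```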