Shiro
  1. Shiro
  2. SHIRO-380

runAs feature (still) doesn't work

    Details

      Description

      Right after SecurityUtils.getSubject().runAs(new new SimplePrincipalCollection()

      {...}

      )

      SecurityUtils.getSubject().getPrincipal() returns correct new Principal
      SecurityUtils.getSubject()..getPreviousPrincipals() returns correct original Principal

      but DefaultSubjectDAO merge principals in method

      protected void mergePrincipals(Subject subject) {
      PrincipalCollection currentPrincipals = subject.getPrincipals();
      ...
      if (session == null)

      { ... }

      else {
      PrincipalCollection existingPrincipals = (PrincipalCollection) session.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
      if (CollectionUtils.isEmpty(currentPrincipals))

      { ... }

      else {
      if (!currentPrincipals.equals(existingPrincipals))

      { session.setAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY, currentPrincipals); }

      }
      }

      and after that
      SecurityUtils.getSubject().getPrincipal() and SecurityUtils.getSubject().getPreviousPrincipals() both returns new Principal - this is wrong behavior

      1. SHIRO-380-patch1.diff
        3 kB
        Elijah Korneckis
      2. shiro_380_webapp.tgz
        4 kB
        Jochen Munz

        Issue Links

          Activity

            People

            • Assignee:
              Les Hazlewood
              Reporter:
              Jochen Munz
            • Votes:
              2 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development