Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-380

runAs feature (still) doesn't work

    XMLWordPrintableJSON

Details

    Description

      Right after SecurityUtils.getSubject().runAs(new new SimplePrincipalCollection()

      {...}

      )

      SecurityUtils.getSubject().getPrincipal() returns correct new Principal
      SecurityUtils.getSubject()..getPreviousPrincipals() returns correct original Principal

      but DefaultSubjectDAO merge principals in method

      protected void mergePrincipals(Subject subject) {
      PrincipalCollection currentPrincipals = subject.getPrincipals();
      ...
      if (session == null)

      { ... }

      else {
      PrincipalCollection existingPrincipals = (PrincipalCollection) session.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
      if (CollectionUtils.isEmpty(currentPrincipals))

      { ... }

      else {
      if (!currentPrincipals.equals(existingPrincipals))

      { session.setAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY, currentPrincipals); }

      }
      }

      and after that
      SecurityUtils.getSubject().getPrincipal() and SecurityUtils.getSubject().getPreviousPrincipals() both returns new Principal - this is wrong behavior

      Attachments

        1. shiro_380_webapp.tgz
          4 kB
          Jochen Munz
        2. SHIRO-380-patch1.diff
          3 kB
          Elijah Korneckis

        Issue Links

          Activity

            People

              Unassigned Unassigned
              zefixlluja Jochen Munz
              Votes:
              2 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: