Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-380

runAs feature (still) doesn't work

    Details

      Description

      Right after SecurityUtils.getSubject().runAs(new new SimplePrincipalCollection()

      {...}

      )

      SecurityUtils.getSubject().getPrincipal() returns correct new Principal
      SecurityUtils.getSubject()..getPreviousPrincipals() returns correct original Principal

      but DefaultSubjectDAO merge principals in method

      protected void mergePrincipals(Subject subject) {
      PrincipalCollection currentPrincipals = subject.getPrincipals();
      ...
      if (session == null)

      { ... }

      else {
      PrincipalCollection existingPrincipals = (PrincipalCollection) session.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
      if (CollectionUtils.isEmpty(currentPrincipals))

      { ... }

      else {
      if (!currentPrincipals.equals(existingPrincipals))

      { session.setAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY, currentPrincipals); }

      }
      }

      and after that
      SecurityUtils.getSubject().getPrincipal() and SecurityUtils.getSubject().getPreviousPrincipals() both returns new Principal - this is wrong behavior

        Attachments

        1. SHIRO-380-patch1.diff
          3 kB
          Elijah Korneckis
        2. shiro_380_webapp.tgz
          4 kB
          Jochen Munz

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                zefixlluja Jochen Munz
              • Votes:
                2 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: