Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-752

Unnecessary realm checks in ModularRealmAuthorizer

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 1.5.2
    • None
    • Authorization (access control)
    • None

    Description

      Problem description

      `public boolean[] isPermitted(PrincipalCollection principals, List<Permission> permissions)` will check every realm for every permission and does not short circuit.

      if (permissions != null && permissions.length > 0) { 

  boolean[] isPermitted = new boolean[permissions.length];

  for (int i = 0; i < permissions.length; i++) { 
    isPermitted[i] = isPermitted(principals, permissions[i]);
  }

  return isPermitted; 
}

return new boolean[0];

      Expected outcome

      Check realm-by-realm, and only those permissions which are not already true

      Actual outcome

      Each realm is checked anyway.

      Sample implementation

      https://github.com/riccardomodanese/shiro/commit/7b60f8be0a599dc5975e9a4b12f277a3475fdc93

      Attachments

        Activity

          People

            Unassigned Unassigned
            bmarwell Benjamin Marwell
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: