Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      Consider the following code (used in a JUnit test):

      Subject currentUser = SecurityUtils.getSubject();
      //login as user with some permissions
      currentUser.login(new UsernamePasswordToken("empl1", "pass1"));
      //call some protected function
      currentUser.logout();
      // now use a user without the required permissions
      currentUser.login(new UsernamePasswordToken("testUser", "blah"));
      //call protected method - should throw UnauthorizedException

      This code looks ok, but it will not work. It will throw an NPE on the line with the second login() call.
      This is because the logout() method will clear the securityManager field in the currentUser object, and the next login() call will call the method on this securityManager, raising an NPE.

      It would be better if we somehow allowed for such a scenario - the open question is how? At this moment the currentUser object becomes completely useless after the logout() method.

      Current workaround: after calling logout() and before the second call to login() you have to replace the currentUser object:
      currentUser = SecurityUtils.getSubject();
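
      The user-switching test pattern from the report, written so that a logged-out Subject is never reused. This is an added example, not code from the issue or from the project; it assumes the Shiro 1.x API (org.apache.shiro packages) on the classpath, and the class name, the allowedAs helper and the "employee" role are hypothetical.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.UnauthorizedException;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;

public class SwitchUserExample {

    /** Hypothetical helper: perform one role check as one user, then drop the identity. */
    static boolean allowedAs(String user, String password, String requiredRole) {
        // Re-acquire the Subject for every identity (the workaround from the report)
        // instead of holding one reference across logout().
        Subject subject = SecurityUtils.getSubject();
        subject.login(new UsernamePasswordToken(user, password));
        try {
            subject.checkRole(requiredRole);   // stands in for the protected call
            return true;
        } catch (UnauthorizedException denied) {
            return false;                      // the negative case the test wants to observe
        } finally {
            subject.logout();                  // never leak the identity into the next check
        }
    }

    public static void main(String[] args) {
        // Constructed in-memory accounts; "employee" is an assumed role name.
        SimpleAccountRealm realm = new SimpleAccountRealm();
        realm.addAccount("empl1", "pass1", "employee");
        realm.addAccount("testUser", "blah");  // no roles
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(realm));

        if (!allowedAs("empl1", "pass1", "employee")) {
            throw new AssertionError("empl1 should be authorized");
        }
        if (allowedAs("testUser", "blah", "employee")) {
            throw new AssertionError("testUser must be denied");
        }
        System.out.println("positive and negative authorization checks passed");
    }
}
```

      Logging out in the finally block keeps a failed assertion for one user from leaving that user's identity bound to the thread for the next check.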

        Activity

        Les Hazlewood made changes -
        Status Resolved [ 5 ] Closed [ 6 ]
        Niclas Hedhman made changes -
        Project Ki [ 12310890 ] Shiro [ 12310950 ]
        Key KI-47 SHIRO-80
        Affects Version/s 1.0 [ 12313690 ]
        Component/s Authentication (log-in) [ 12312672 ]
        Fix Version/s 1.0 [ 12313690 ]
        Alan Cabrera made changes -
        Component/s Authentication (log-in) [ 12312672 ]
        Alan Cabrera made changes -
        Affects Version/s 1.0 [ 12313690 ]
        Fix Version/s 1.0 [ 12313690 ]
        Alan Cabrera made changes -
        Key JSEC-22 KI-47
        Component/s Authentication (log-in) [ 12312402 ]
        Affects Version/s 1.0 [ 12313312 ]
        Project JSecurity [ 12310812 ] Ki [ 12310890 ]
        Fix Version/s 1.0 [ 12313312 ]
        Les Hazlewood made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Assignee Les Hazlewood [ lhazlewood ]
        Resolution Fixed [ 1 ]
        Les Hazlewood made changes -
        Field Original Value New Value
        Fix Version/s 1.0 [ 12313312 ]
        Affects Version/s 1.0 [ 12313312 ]
        Grzegorz Borkowski created issue -

          People

          • Assignee:
            Les Hazlewood
            Reporter:
            Grzegorz Borkowski
          • Votes:
            0
            Watchers:
            0
