Repository: shiro Updated Branches: refs/heads/master 64d61b13f -> 6d738af36
SHIRO-603 - fix for endless recursion in ShiroSecurityContext.getUserPrincipal()
Project: http://git-wip-us.apache.org/repos/asf/shiro/repo
Commit: http://git-wip-us.apache.org/repos/asf/shiro/commit/6d738af3
Tree: http://git-wip-us.apache.org/repos/asf/shiro/tree/6d738af3
Diff: http://git-wip-us.apache.org/repos/asf/shiro/diff/6d738af3
Branch: refs/heads/master
Commit: 6d738af363bb8cf0ea8fbe345a7bcbcbe92b302a
Parents: 64d61b1
Author: Brian Demers <[email protected]>
Authored: Mon Nov 21 18:16:18 2016 -0500
Committer: Brian Demers <[email protected]>
Committed: Mon Nov 21 18:16:18 2016 -0500
----------------------------------------------------------------------
 .../shiro/web/jaxrs/ShiroSecurityContext.java | 4 +++-
 .../shiro/web/jaxrs/ShiroSecurityContextTest.groovy | 16 ++++++++--------
 .../jaxrs/SubjectPrincipalRequestFilterTest.groovy | 7 +++++--
 3 files changed, 16 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/shiro/blob/6d738af3/support/jaxrs/src/main/java/org/apache/shiro/web/jaxrs/ShiroSecurityContext.java
----------------------------------------------------------------------
diff --git a/support/jaxrs/src/main/java/org/apache/shiro/web/jaxrs/ShiroSecurityContext.java b/support/jaxrs/src/main/java/org/apache/shiro/web/jaxrs/ShiroSecurityContext.java
index 867ce48..7da5e89 100644
--- a/support/jaxrs/src/main/java/org/apache/shiro/web/jaxrs/ShiroSecurityContext.java
+++ b/support/jaxrs/src/main/java/org/apache/shiro/web/jaxrs/ShiroSecurityContext.java
@@ -35,9 +35,11 @@ import java.security.Principal;
 public class ShiroSecurityContext implements SecurityContext {
 final private ContainerRequestContext containerRequestContext;
+ final private SecurityContext originalSecurityContext;
 public ShiroSecurityContext(ContainerRequestContext containerRequestContext) {
 this.containerRequestContext = containerRequestContext;
+ this.originalSecurityContext = containerRequestContext.getSecurityContext();
 }
 @Override
@@ -55,7 +57,7 @@ public class ShiroSecurityContext implements SecurityContext {
 }
 }
 else {
- result = containerRequestContext.getSecurityContext().getUserPrincipal();
+ result = originalSecurityContext.getUserPrincipal();
 }
 return result;
http://git-wip-us.apache.org/repos/asf/shiro/blob/6d738af3/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/ShiroSecurityContextTest.groovy
----------------------------------------------------------------------
diff --git a/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/ShiroSecurityContextTest.groovy b/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/ShiroSecurityContextTest.groovy
index 5d7e947..a90c555 100644
--- a/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/ShiroSecurityContextTest.groovy
+++ b/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/ShiroSecurityContextTest.groovy
@@ -41,12 +41,12 @@ class ShiroSecurityContextTest {
 void testIsSecure() {
 def requestContext = mock(ContainerRequestContext)
 def originalSecurityContext = mock(SecurityContext)
- def shrioContext = new ShiroSecurityContext(requestContext)
 expect(requestContext.getSecurityContext()).andReturn(originalSecurityContext).anyTimes()
 expect(originalSecurityContext.isSecure()).andReturn(true)
 replay requestContext, originalSecurityContext
+ def shrioContext = new ShiroSecurityContext(requestContext)
 assertTrue shrioContext.isSecure()
 verify requestContext, originalSecurityContext
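Review bot: The new `originalSecurityContext` field in the first ShiroSecurityContext.java hunk has no comment saying why the delegate must be captured in the constructor rather than looked up on each call, so a later cleanup could fold it back into `containerRequestContext.getSecurityContext()` and reintroduce the recursion. SubjectPrincipalRequestFilterTest shows the filter passing the new object to `setSecurityContext`, after which the request presumably returns this very instance. I would add above the field: `// Captured at construction: once the filter installs this object on the request, getSecurityContext() returns this instance and delegating to it recurses.` The class body continues outside the hunk.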
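Review bot: Only the `getUserPrincipal()` fallback in the second ShiroSecurityContext.java hunk is switched to the captured context; `isSecure()` and `getAuthenticationScheme()` lie outside the hunk, and if they still delegate through `containerRequestContext.getSecurityContext()` they would recurse the same way once this object is installed on the request. An unbounded recursion on a request path ends in a StackOverflowError, so this is an availability concern and not only a correctness one. Both should read the field as well: `return originalSecurityContext.isSecure();` and `return originalSecurityContext.getAuthenticationScheme();`.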
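Review bot: In `testIsSecure` the stub `expect(requestContext.getSecurityContext())...anyTimes()` is left as it was, so the test passes whether the wrapped context is read once in the constructor or again on every call. Nothing here models the state behind SHIRO-603, where the request hands back the Shiro context itself. Tightening the stub to `expect(requestContext.getSecurityContext()).andReturn(originalSecurityContext).once()` would pin the constructor-time capture and fail if any method goes back to the request. The same applies to `testGetAuthenticationScheme` in the next hunk; the stubs of the remaining tests sit between hunks and are not visible.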
@@ -56,12 +56,12 @@ class ShiroSecurityContextTest {
 void testGetAuthenticationScheme() {
 def requestContext = mock(ContainerRequestContext)
 def originalSecurityContext = mock(SecurityContext)
- def shrioContext = new ShiroSecurityContext(requestContext)
 expect(requestContext.getSecurityContext()).andReturn(originalSecurityContext).anyTimes()
 expect(originalSecurityContext.getAuthenticationScheme()).andReturn("https")
 replay requestContext, originalSecurityContext
+ def shrioContext = new ShiroSecurityContext(requestContext)
 assertEquals "https", shrioContext.getAuthenticationScheme()
 verify requestContext, originalSecurityContext
@@ -71,7 +71,6 @@ class ShiroSecurityContextTest {
 void testGetUserPrincipalWithString() {
 def requestContext = mock(ContainerRequestContext)
 def originalSecurityContext = mock(SecurityContext)
- def shrioContext = new ShiroSecurityContext(requestContext)
 def subject = mock(Subject)
 ThreadContext.bind(subject)
@@ -80,6 +79,7 @@ class ShiroSecurityContextTest {
 replay requestContext, originalSecurityContext, subject
+ def shrioContext = new ShiroSecurityContext(requestContext)
 def resultPrincipal = shrioContext.getUserPrincipal()
 assertSame "TestUser", resultPrincipal.getName()
@@ -90,7 +90,6 @@ class ShiroSecurityContextTest {
 void testGetUserPrincipalNoPrincipal() {
 def requestContext = mock(ContainerRequestContext)
 def originalSecurityContext = mock(SecurityContext)
- def shrioContext = new ShiroSecurityContext(requestContext)
 def subject = mock(Subject)
 ThreadContext.bind(subject)
@@ -100,6 +99,7 @@ class ShiroSecurityContextTest {
 replay requestContext, originalSecurityContext, subject
+ def shrioContext = new ShiroSecurityContext(requestContext)
 assertNull shrioContext.getUserPrincipal()
 verify requestContext, originalSecurityContext, subject
@@ -109,7 +109,6 @@ class ShiroSecurityContextTest {
 void testGetUserPrincipalPrincipalObject() {
 def requestContext = mock(ContainerRequestContext)
 def originalSecurityContext = mock(SecurityContext)
- def shrioContext = new ShiroSecurityContext(requestContext)
 def subject = mock(Subject)
 ThreadContext.bind(subject)
@@ -118,6 +117,7 @@ class ShiroSecurityContextTest {
 replay requestContext, originalSecurityContext, subject
+ def shrioContext = new ShiroSecurityContext(requestContext)
 def resultPrincipal = shrioContext.getUserPrincipal()
 assertSame "Tester", resultPrincipal.getName()
@@ -128,7 +128,6 @@ class ShiroSecurityContextTest {
 void testUserInRoleTrue() {
 def requestContext = mock(ContainerRequestContext)
 def originalSecurityContext = mock(SecurityContext)
- def shrioContext = new ShiroSecurityContext(requestContext)
 def subject = mock(Subject)
 ThreadContext.bind(subject)
@@ -137,6 +136,7 @@ class ShiroSecurityContextTest {
 replay requestContext, originalSecurityContext, subject
+ def shrioContext = new ShiroSecurityContext(requestContext)
 assertTrue shrioContext.isUserInRole("test-role")
 verify requestContext, originalSecurityContext, subject
@@ -146,7 +146,6 @@ class ShiroSecurityContextTest {
 void testUserInRoleFalse() {
 def requestContext = mock(ContainerRequestContext)
 def originalSecurityContext = mock(SecurityContext)
- def shrioContext = new ShiroSecurityContext(requestContext)
 def subject = mock(Subject)
 ThreadContext.bind(subject)
@@ -155,6 +154,7 @@ class ShiroSecurityContextTest {
 replay requestContext, originalSecurityContext, subject
+ def shrioContext = new ShiroSecurityContext(requestContext)
 assertFalse shrioContext.isUserInRole("test-role")
 verify requestContext, originalSecurityContext, subject
@@ -164,7 +164,6 @@ class ShiroSecurityContextTest {
 void testPrincipalEquals() {
 def requestContext = mock(ContainerRequestContext)
 def originalSecurityContext = mock(SecurityContext)
- def shrioContext = new ShiroSecurityContext(requestContext)
 def subject = mock(Subject)
 ThreadContext.bind(subject)
@@ -174,6 +173,7 @@ class ShiroSecurityContextTest {
 replay requestContext, originalSecurityContext, subject
+ def shrioContext = new ShiroSecurityContext(requestContext)
 def result1Principal = shrioContext.getUserPrincipal()
 def result2Principal = shrioContext.getUserPrincipal()
http://git-wip-us.apache.org/repos/asf/shiro/blob/6d738af3/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/SubjectPrincipalRequestFilterTest.groovy
----------------------------------------------------------------------
diff --git a/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/SubjectPrincipalRequestFilterTest.groovy b/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/SubjectPrincipalRequestFilterTest.groovy
index 7ae75cd..ecaf028 100644
--- a/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/SubjectPrincipalRequestFilterTest.groovy
+++ b/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/SubjectPrincipalRequestFilterTest.groovy
@@ -22,6 +22,7 @@ import org.easymock.Capture
 import org.junit.Test
 import javax.ws.rs.container.ContainerRequestContext
+import javax.ws.rs.core.SecurityContext
 import static org.easymock.EasyMock.*
 import static org.junit.Assert.*
@@ -38,12 +39,14 @@ class SubjectPrincipalRequestFilterTest {
 def contextCapture = new Capture<ShiroSecurityContext>()
 def requestContext = mock(ContainerRequestContext)
+ def originalSecurityContext = mock(SecurityContext)
+ expect(requestContext.getSecurityContext()).andReturn(originalSecurityContext)
 expect(requestContext.setSecurityContext(capture(contextCapture)))
- replay requestContext
+ replay requestContext, originalSecurityContext
 filter.filter(requestContext)
- verify requestContext
+ verify requestContext, originalSecurityContext
 assertSame requestContext, contextCapture.value.containerRequestContext
 }
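Review bot: The filter test now stubs `getSecurityContext()`, but its only assertion is still on `containerRequestContext`, so it never checks that the installed ShiroSecurityContext wraps the context the request returned. Adding `assertSame originalSecurityContext, contextCapture.value.originalSecurityContext` after the existing `assertSame` would cover the new field, using the same Groovy field access the test already relies on. The test method starts above the hunk.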
