[jira] [Commented] (SHIRO-380) runAs feature (still) doesn't work

Wed, 08 Aug 2012 02:02:27 -0700 

    [ 
https://issues.apache.org/jira/browse/SHIRO-380?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13430961#comment-13430961
 ] 

Jochen Munz commented on SHIRO-380:
-----------------------------------

I am not aware of significant differences between sample app and the unit test 
(besides the web setup). 

The steps are quite similar:
 * 3 users are defined upfront
 * login as user 1  (1st request)
 * runAs user2 (2nd request, status shows up ok)
 * check status (3rd request, status shows user2 as current and previous 
principal)

I could think of different behaviour because of (web) session handling and/or 
threading (as the unit test runs in one go).

Can you (or somebody else) please verify the behaviour/setup with the attached 
sample app, so that we can exclude misconfiguration as a possible cause? I'll 
be happy to investigate further.
                
> runAs feature (still) doesn't work
> ----------------------------------
>
>                 Key: SHIRO-380
>                 URL: https://issues.apache.org/jira/browse/SHIRO-380
>             Project: Shiro
>          Issue Type: Bug
>          Components: Realms 
>    Affects Versions: 1.2.1
>            Reporter: Jochen Munz
>            Assignee: Les Hazlewood
>              Labels: principal,, shiro,, subject
>         Attachments: shiro_380_webapp.tgz
>
>
> Right after SecurityUtils.getSubject().runAs(new new 
> SimplePrincipalCollection(){...})
> SecurityUtils.getSubject().getPrincipal() returns correct new Principal
> SecurityUtils.getSubject()..getPreviousPrincipals() returns correct original 
> Principal
> but DefaultSubjectDAO merge principals in method
> protected void mergePrincipals(Subject subject) {
>   PrincipalCollection currentPrincipals = subject.getPrincipals();
>   ...
>   if (session == null) {
>   ...
>   } else {
>     PrincipalCollection existingPrincipals = (PrincipalCollection) 
> session.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
>     if (CollectionUtils.isEmpty(currentPrincipals)) {
>       ...
>     } else {
>        if (!currentPrincipals.equals(existingPrincipals)) {
>             
> session.setAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY, 
> currentPrincipals);
>       }
>    }
> }
> and after that
> SecurityUtils.getSubject().getPrincipal() and 
> SecurityUtils.getSubject().getPreviousPrincipals() both returns new Principal 
> - this is wrong behavior

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to