[
https://issues.apache.org/jira/browse/SHIRO-744?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17046871#comment-17046871
]
Andy Seaborne edited comment on SHIRO-744 at 2/27/20 6:31 PM:
--------------------------------------------------------------
Ok - thanks for the explanation.
Maybe related to SHIRO-745.
And also the fact that it also causes initialization to happen twice which in
turn causes a warning. One call to web.env.EnvironmentLoader causes IniRealm to
be init'ed twice (reflection builder), but the first loads users and the second
then issues the warning because users now defined and ini is not empty.
{noformat}
IniRealm WARN Users or Roles are already populated. Configured Ini instance
will be ignored.
{noformat}
This is in 1.4.2 and 1.5.1. Because of the CVE, I haven't tried bisecting
earlier than 1.4.2 but 1.2.6 was OK.
was (Author: andy.seaborne):
Ok - thanks for the explanation.
Maybe related to SHIRO-745.
And also the fact that it also causes initialization to happen twice which in
turn causes a warning. One call to web.env.EnvironmentLoader causes IniRealm to
be init'ed twice, but the first loaders users and the second then issues the
warning:
{noformat}
IniRealm WARN Users or Roles are already populated. Configured Ini instance
will be ignored.
{noformat}
This is in 1.4.2 and 1.5.1. Because of the CVE, I haven't tried bisecting
earlier than 1.4.2 but 1.2.6 was OK.
> Overlapping classes cause warnings when shading.
> ------------------------------------------------
>
> Key: SHIRO-744
> URL: https://issues.apache.org/jira/browse/SHIRO-744
> Project: Shiro
> Issue Type: Bug
> Reporter: Andy Seaborne
> Priority: Major
>
> Project has dependecny on shiro-core and shiro-web, no other shiro artifacts.
> When shading (maven plugin) the project WARNING's are emitted:
> {noformat}
> [WARNING] shiro-crypto-hash-1.5.1.jar, shiro-core-1.5.1.jar define 24
> overlapping classes:
> [WARNING] - org.apache.shiro.crypto.hash.format.ProvidedHashFormat
> [WARNING] - org.apache.shiro.crypto.hash.format.HexFormat
> [WARNING] - org.apache.shiro.crypto.hash.Sha1Hash
> [WARNING] - org.apache.shiro.crypto.hash.Md2Hash
> [WARNING] - org.apache.shiro.crypto.hash.ConfigurableHashService
> [WARNING] - org.apache.shiro.crypto.hash.HashRequest
> [WARNING] - org.apache.shiro.crypto.hash.format.Shiro1CryptFormat
> [WARNING] - org.apache.shiro.crypto.hash.format.HashFormat
> [WARNING] - org.apache.shiro.crypto.hash.Sha256Hash
> [WARNING] - org.apache.shiro.crypto.hash.format.DefaultHashFormatFactory
> [WARNING] - 14 more...
> {noformat}
> and a 3 way one:
> {noformat}
> [WARNING] shiro-config-ogdl-1.5.1.jar, shiro-config-core-1.5.1.jar,
> shiro-core-1.5.1.jar define 5 overlapping classes:
> [WARNING] - org.apache.shiro.config.Ini$1
> [WARNING] - org.apache.shiro.config.Ini$Section
> [WARNING] - org.apache.shiro.config.ResourceConfigurable
> [WARNING] - org.apache.shiro.config.Ini
> [WARNING] - org.apache.shiro.config.ConfigurationException
> {noformat}
> Looking in the jars, indeed both shiro-crypto-hash-1.5.1.jar,
> shiro-core-1.5.1.jar have the same classes. It is as if shiro artifacts
> include parts of shiro-core that they use.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
