[jira] [Updated] (SHIRO-752) Unnecessary realm checks in ModularRealmAuthorizer

Benjamin Marwell (Jira) Wed, 01 Apr 2020 08:48:11 -0700


     [ 
https://issues.apache.org/jira/browse/SHIRO-752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Benjamin Marwell updated SHIRO-752:
-----------------------------------
    Description: 
h2. Problem description

`public boolean[] isPermitted(PrincipalCollection principals, List<Permission> 
permissions)` will check every realm for every permission and does not short 
circuit.
{code:java}
if (permissions != null && permissions.length > 0) { 

  boolean[] isPermitted = new boolean[permissions.length];

  for (int i = 0; i < permissions.length; i++) { 
    isPermitted[i] = isPermitted(principals, permissions[i]);
  }

  return isPermitted; 
}

return new boolean[0];{code}
h2. Expected outcome

Check realm-by-realm, and only those permissions which are not already true
h2. Actual outcome

Each realm is checked anyway.
h2. Sample implementation

[https://github.com/riccardomodanese/shiro/commit/7b60f8be0a599dc5975e9a4b12f277a3475fdc93]

  was:
h2. Problem description

`public boolean[] isPermitted(PrincipalCollection principals, List<Permission> 
permissions)` will check every realm for every permission and does not short 
circuit.
{code:java}
if (permissions != null && permissions.length > 0) { 

  boolean[] isPermitted = new boolean[permissions.length];

  for (int i = 0; i < permissions.length; i++) { 
    isPermitted[i] = isPermitted(principals, permissions[i]);
  }

  return isPermitted; 
}

return new boolean[0];{code}
h2. Expected outcome

Check realm-by-realm, and only those permissions which are not already true
h2. Actual outcome

Each realm is checked anyway.


> Unnecessary realm checks in ModularRealmAuthorizer
> --------------------------------------------------
>
>                 Key: SHIRO-752
>                 URL: https://issues.apache.org/jira/browse/SHIRO-752
>             Project: Shiro
>          Issue Type: Improvement
>          Components: Authorization (access control) 
>    Affects Versions: 1.5.2
>            Reporter: Benjamin Marwell
>            Priority: Major
>
> h2. Problem description
> `public boolean[] isPermitted(PrincipalCollection principals, 
> List<Permission> permissions)` will check every realm for every permission 
> and does not short circuit.
> {code:java}
> if (permissions != null && permissions.length > 0) { 
>   boolean[] isPermitted = new boolean[permissions.length];
>   for (int i = 0; i < permissions.length; i++) { 
>     isPermitted[i] = isPermitted(principals, permissions[i]);
>   }
>   return isPermitted; 
> }
> return new boolean[0];{code}
> h2. Expected outcome
> Check realm-by-realm, and only those permissions which are not already true
> h2. Actual outcome
> Each realm is checked anyway.
> h2. Sample implementation
> [https://github.com/riccardomodanese/shiro/commit/7b60f8be0a599dc5975e9a4b12f277a3475fdc93]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (SHIRO-752) Unnecessary realm checks in ModularRealmAuthorizer

Reply via email to