SimpleAuthenticationInfo.merge does not merge principals if its internal
principal collection is not mutable
------------------------------------------------------------------------------------------------------------
Key: SHIRO-156
URL: https://issues.apache.org/jira/browse/SHIRO-156
Project: Shiro
Issue Type: Bug
Components: Authentication (log-in)
Affects Versions: 0.9
Reporter: Bryan Turner
In SimpleAuthenticationInfo.merge(AuthenticationInfo), there is the following
code:
{code}
if (this.principals == null) {
this.principals = info.getPrincipals();
} else {
if (this.principals instanceof MutablePrincipalCollection) {
((MutablePrincipalCollection)
this.principals).addAll(info.getPrincipals());
} else {
this.principals = new
SimplePrincipalCollection(this.principals);
}
}
{code}
The logic in the nested else block appears incorrect. If the current
"principals" collection is not MutablePrincipalCollection, a new
SimplePrincipalCollection, which is mutable, is constructed from it. However,
it does not copy the principals from other.getPrincipals(), which by that point
in the method is known to be non-null and non-empty, after it makes a mutable
principal collection.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
