[jira] Commented: (SHIRO-156) SimpleAuthenticationInfo.merge does not merge principals if its internal principal collection is not mutable

Sat, 08 May 2010 21:27:12 -0700 

    [ 
https://issues.apache.org/jira/browse/SHIRO-156?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12865534#action_12865534
 ] 

Bryan Turner commented on SHIRO-156:
------------------------------------

I believe the logic should look like this:

{code} 
        if (this.principals == null) { 
            this.principals = info.getPrincipals(); 
        } else { 
            if (!(this.principals instanceof MutablePrincipalCollection)) { 
                this.principals = new 
SimplePrincipalCollection(this.principals); 
            }
            ((MutablePrincipalCollection) 
this.principals).addAll(info.getPrincipals()); 
        } 
{code}

This will transform the internal principal collection into a mutable one if 
necessary and will always merge info.getPrincipals() into it.

> SimpleAuthenticationInfo.merge does not merge principals if its internal 
> principal collection is not mutable
> ------------------------------------------------------------------------------------------------------------
>
>                 Key: SHIRO-156
>                 URL: https://issues.apache.org/jira/browse/SHIRO-156
>             Project: Shiro
>          Issue Type: Bug
>          Components: Authentication (log-in)
>    Affects Versions: 0.9
>            Reporter: Bryan Turner
>
> In SimpleAuthenticationInfo.merge(AuthenticationInfo), there is the following 
> code:
> {code}
>         if (this.principals == null) {
>             this.principals = info.getPrincipals();
>         } else {
>             if (this.principals instanceof MutablePrincipalCollection) {
>                 ((MutablePrincipalCollection) 
> this.principals).addAll(info.getPrincipals());
>             } else {
>                 this.principals = new 
> SimplePrincipalCollection(this.principals);
>             }
>         }
> {code}
> The logic in the nested else block appears incorrect. If the current 
> "principals" collection is not MutablePrincipalCollection, a new 
> SimplePrincipalCollection, which is mutable, is constructed from it. However, 
> it does not copy the principals from other.getPrincipals(), which by that 
> point in the method is known to be non-null and non-empty, after it makes a 
> mutable principal collection.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to