[ https://issues.apache.org/jira/browse/SHIRO-156?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kalle Korhonen reassigned SHIRO-156:
------------------------------------

    Assignee: Kalle Korhonen

> SimpleAuthenticationInfo.merge does not merge principals if its internal principal collection is not mutable
> ------------------------------------------------------------------------------------------------------------
>
>                 Key: SHIRO-156
>                 URL: https://issues.apache.org/jira/browse/SHIRO-156
>             Project: Shiro
>          Issue Type: Bug
>          Components: Authentication (log-in)
>    Affects Versions: 0.9
>            Reporter: Bryan Turner
>            Assignee: Kalle Korhonen
>             Fix For: 1.0.0
>
>
> In SimpleAuthenticationInfo.merge(AuthenticationInfo), there is the following code:
> {code}
>         if (this.principals == null) {
>             this.principals = info.getPrincipals();
>         } else {
>             if (this.principals instanceof MutablePrincipalCollection) {
>                 ((MutablePrincipalCollection) this.principals).addAll(info.getPrincipals());
>             } else {
>                 this.principals = new SimplePrincipalCollection(this.principals);
>             }
>         }
> {code}
> The logic in the nested else block appears incorrect. If the current "principals" collection is not MutablePrincipalCollection, a new SimplePrincipalCollection, which is mutable, is constructed from it. However, it does not copy the principals from other.getPrincipals(), which by that point in the method is known to be non-null and non-empty, after it makes a mutable principal collection.
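
The branch described in the report, reproduced next to one possible correction. This is an added example, not code from the issue or from Shiro: `Principals`, `ReadOnlyPrincipals`, `MutablePrincipals`, `mergeAsReported` and `mergeCorrected` are hypothetical stand-ins for Shiro's types, the principal strings are constructed sample values, and the corrected branch is an assumption about how the merge could be completed, not the project's actual fix.

```java
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

public class MergeDemo {
    // Hypothetical stand-in for a principal collection.
    interface Principals { Collection<String> asList(); }

    // Stand-in for a collection that is NOT a MutablePrincipalCollection.
    static final class ReadOnlyPrincipals implements Principals {
        private final List<String> items;
        ReadOnlyPrincipals(String... p) { items = List.of(p); }
        public Collection<String> asList() { return items; }
    }

    // Stand-in for the mutable SimplePrincipalCollection.
    static final class MutablePrincipals implements Principals {
        private final Set<String> items = new LinkedHashSet<>();
        MutablePrincipals(Principals src) { items.addAll(src.asList()); }
        void addAll(Principals other) { items.addAll(other.asList()); }
        public Collection<String> asList() { return items; }
    }

    // Same control flow as the code quoted in the report.
    static Principals mergeAsReported(Principals current, Principals incoming) {
        if (current == null) return incoming;
        if (current instanceof MutablePrincipals) {
            ((MutablePrincipals) current).addAll(incoming);
            return current;
        }
        // A mutable copy is made, but the incoming principals are never added.
        return new MutablePrincipals(current);
    }

    // Assumed correction: obtain a mutable target first, then always add.
    static Principals mergeCorrected(Principals current, Principals incoming) {
        if (current == null) return incoming;
        MutablePrincipals target = (current instanceof MutablePrincipals)
                ? (MutablePrincipals) current
                : new MutablePrincipals(current);
        target.addAll(incoming);
        return target;
    }

    public static void main(String[] args) {
        Principals first = new ReadOnlyPrincipals("alice@ldap");  // constructed sample
        Principals second = new ReadOnlyPrincipals("alice@db");   // constructed sample
        System.out.println("as reported: " + mergeAsReported(first, second).asList());
        System.out.println("corrected:   " + mergeCorrected(first, second).asList());
    }
}
```

Running it shows the reported branch returning only the first collection's principal, while the corrected branch returns both.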