While trying to implement my own subclasses of "DomainPermission", I noticed
that it doesn't work the way I expected. Here's the simple example that
illustrates the problem:
public class MyDomainPermission extends
org.apache.shiro.authz.permission.DomainPermission {
public MyDomainPermission(String actions) {
super(actions);
}
public static void main(String[] args) throws Exception {
MyDomainPermission p1 = new MyDomainPermission("x");
MyDomainPermission p2 = new MyDomainPermission("x");
p2.setTargets(Collections.singleton("x"));
System.out.println(p1.implies(p2));
System.out.println(p2.implies(p1)); // Prints TRUE while should
be FALSE!
}
}
Looking at the source code of "DomainPermission.setTargets", I see a very
strange lines of code:
protected void setTargets(Set<String> targets) {
this.targets = targets;
if (this.targets != null && this.targets.equals(targets)) {
return;
}
this.targets = targets;
setParts(domain, actions, targets);
}
Note, that there're two similar lines:
this.targets = targets;
The first one of those shouldn't be there because it makes "equals"
condition in next line to be always "true", which in turn prevents
"setParts" method from being invoked and thus updating "parts" collection.
Is this a known issue?
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/DomainPermission-setTargets-bug-tp7579366.html
Sent from the Shiro User mailing list archive at Nabble.com.
