shiro-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lhazlew...@apache.org
Subject svn commit: r1403599 - in /shiro/branches/1.2.x/core/src: main/java/org/apache/shiro/mgt/DefaultSubjectDAO.java test/groovy/org/apache/shiro/mgt/DefaultSubjectDAOTest.groovy
Date Tue, 30 Oct 2012 01:29:07 GMT
Author: lhazlewood
Date: Tue Oct 30 01:29:06 2012
New Revision: 1403599

URL: http://svn.apache.org/viewvc?rev=1403599&view=rev
Log:
SHIRO-380: added quick patch fix for runAs.  This fix is point-version backwards and forwards
compatible.  A more suitable longer term solution should be addressed for Shiro 1.3 / 2.0
+

Modified:
    shiro/branches/1.2.x/core/src/main/java/org/apache/shiro/mgt/DefaultSubjectDAO.java
    shiro/branches/1.2.x/core/src/test/groovy/org/apache/shiro/mgt/DefaultSubjectDAOTest.groovy

Modified: shiro/branches/1.2.x/core/src/main/java/org/apache/shiro/mgt/DefaultSubjectDAO.java
URL: http://svn.apache.org/viewvc/shiro/branches/1.2.x/core/src/main/java/org/apache/shiro/mgt/DefaultSubjectDAO.java?rev=1403599&r1=1403598&r2=1403599&view=diff
==============================================================================
--- shiro/branches/1.2.x/core/src/main/java/org/apache/shiro/mgt/DefaultSubjectDAO.java (original)
+++ shiro/branches/1.2.x/core/src/main/java/org/apache/shiro/mgt/DefaultSubjectDAO.java Tue
Oct 30 01:29:06 2012
@@ -22,10 +22,13 @@ import org.apache.shiro.session.Session;
 import org.apache.shiro.subject.PrincipalCollection;
 import org.apache.shiro.subject.Subject;
 import org.apache.shiro.subject.support.DefaultSubjectContext;
+import org.apache.shiro.subject.support.DelegatingSubject;
 import org.apache.shiro.util.CollectionUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import java.lang.reflect.Field;
+
 /**
  * Default {@code SubjectDAO} implementation that stores Subject state in the Subject's Session
by default (but this
  * can be disabled - see below).  The Subject instance
@@ -174,7 +177,26 @@ public class DefaultSubjectDAO implement
     protected void mergePrincipals(Subject subject) {
         //merge PrincipalCollection state:
 
-        PrincipalCollection currentPrincipals = subject.getPrincipals();
+        PrincipalCollection currentPrincipals = null;
+
+        //SHIRO-380: added if/else block - need to retain original (source) principals
+        //This technique (reflection) is only temporary - a proper long term solution needs
to be found,
+        //but this technique allowed an immediate fix that is API point-version forwards
and backwards compatible
+        //
+        //A more comprehensive review / cleaning of runAs should be performed for Shiro 1.3
/ 2.0 +
+        if (subject.isRunAs() && subject instanceof DelegatingSubject) {
+            try {
+                Field field = DelegatingSubject.class.getDeclaredField("principals");
+                field.setAccessible(true);
+                currentPrincipals = (PrincipalCollection)field.get(subject);
+            } catch (Exception e) {
+                throw new IllegalStateException("Unable to access DelegatingSubject principals
property.", e);
+            }
+        }
+        if (currentPrincipals == null || currentPrincipals.isEmpty()) {
+            currentPrincipals = subject.getPrincipals();
+        }
+
         Session session = subject.getSession(false);
 
         if (session == null) {

Modified: shiro/branches/1.2.x/core/src/test/groovy/org/apache/shiro/mgt/DefaultSubjectDAOTest.groovy
URL: http://svn.apache.org/viewvc/shiro/branches/1.2.x/core/src/test/groovy/org/apache/shiro/mgt/DefaultSubjectDAOTest.groovy?rev=1403599&r1=1403598&r2=1403599&view=diff
==============================================================================
--- shiro/branches/1.2.x/core/src/test/groovy/org/apache/shiro/mgt/DefaultSubjectDAOTest.groovy
(original)
+++ shiro/branches/1.2.x/core/src/test/groovy/org/apache/shiro/mgt/DefaultSubjectDAOTest.groovy
Tue Oct 30 01:29:06 2012
@@ -127,6 +127,7 @@ class DefaultSubjectDAOTest extends Groo
 
         expect(subject.getSession(false)).andReturn null
 
+        expect(subject.isRunAs()).andReturn(false)
         expect(subject.principals).andReturn null
         expect(subject.getSession(false)).andReturn(null).anyTimes()
         expect(subject.authenticated).andReturn false
@@ -150,6 +151,7 @@ class DefaultSubjectDAOTest extends Groo
         def session = createStrictMock(Session)
         def principals = createStrictMock(PrincipalCollection)
 
+        expect(subject.runAs).andReturn false
         expect(subject.principals).andReturn principals
         expect(subject.getSession(false)).andReturn null //no session
         expect(principals.isEmpty()).andReturn(false).anyTimes()
@@ -174,6 +176,7 @@ class DefaultSubjectDAOTest extends Groo
         def subject = createStrictMock(Subject)
         def session = createStrictMock(Session)
 
+        expect(subject.runAs).andReturn(false)
         expect(subject.principals).andReturn null
         expect(subject.getSession(false)).andReturn(session).anyTimes()
 
@@ -198,6 +201,7 @@ class DefaultSubjectDAOTest extends Groo
         def session = createStrictMock(Session)
         def sessionPrincipals = createStrictMock(PrincipalCollection)
 
+        expect(subject.runAs).andReturn false
         expect(subject.principals).andReturn null
         expect(subject.getSession(false)).andReturn(session).anyTimes()
 
@@ -248,6 +252,7 @@ class DefaultSubjectDAOTest extends Groo
         def session = createStrictMock(Session)
         def subjectPrincipals = createStrictMock(PrincipalCollection)
 
+        expect(subject.runAs).andReturn false
         expect(subject.principals).andReturn subjectPrincipals
         expect(subject.getSession(false)).andReturn session
         expect(subjectPrincipals.isEmpty()).andReturn false



Mime
View raw message