shiro-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bdem...@apache.org
Subject shiro git commit: SHIRO-603 - fix for endless recursion in ShiroSecurityContext.getUserPrincipal()
Date Mon, 21 Nov 2016 23:16:33 GMT
Repository: shiro
Updated Branches:
  refs/heads/master 64d61b13f -> 6d738af36


SHIRO-603 - fix for endless recursion in ShiroSecurityContext.getUserPrincipal()


Project: http://git-wip-us.apache.org/repos/asf/shiro/repo
Commit: http://git-wip-us.apache.org/repos/asf/shiro/commit/6d738af3
Tree: http://git-wip-us.apache.org/repos/asf/shiro/tree/6d738af3
Diff: http://git-wip-us.apache.org/repos/asf/shiro/diff/6d738af3

Branch: refs/heads/master
Commit: 6d738af363bb8cf0ea8fbe345a7bcbcbe92b302a
Parents: 64d61b1
Author: Brian Demers <bdemers@apache.org>
Authored: Mon Nov 21 18:16:18 2016 -0500
Committer: Brian Demers <bdemers@apache.org>
Committed: Mon Nov 21 18:16:18 2016 -0500

----------------------------------------------------------------------
 .../shiro/web/jaxrs/ShiroSecurityContext.java       |  4 +++-
 .../shiro/web/jaxrs/ShiroSecurityContextTest.groovy | 16 ++++++++--------
 .../jaxrs/SubjectPrincipalRequestFilterTest.groovy  |  7 +++++--
 3 files changed, 16 insertions(+), 11 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/shiro/blob/6d738af3/support/jaxrs/src/main/java/org/apache/shiro/web/jaxrs/ShiroSecurityContext.java
----------------------------------------------------------------------
diff --git a/support/jaxrs/src/main/java/org/apache/shiro/web/jaxrs/ShiroSecurityContext.java
b/support/jaxrs/src/main/java/org/apache/shiro/web/jaxrs/ShiroSecurityContext.java
index 867ce48..7da5e89 100644
--- a/support/jaxrs/src/main/java/org/apache/shiro/web/jaxrs/ShiroSecurityContext.java
+++ b/support/jaxrs/src/main/java/org/apache/shiro/web/jaxrs/ShiroSecurityContext.java
@@ -35,9 +35,11 @@ import java.security.Principal;
 public class ShiroSecurityContext implements SecurityContext {
 
     final private ContainerRequestContext containerRequestContext;
+    final private SecurityContext originalSecurityContext;
 
     public ShiroSecurityContext(ContainerRequestContext containerRequestContext) {
         this.containerRequestContext = containerRequestContext;
+        this.originalSecurityContext = containerRequestContext.getSecurityContext();
     }
 
     @Override
@@ -55,7 +57,7 @@ public class ShiroSecurityContext implements SecurityContext {
             }
         }
         else {
-            result = containerRequestContext.getSecurityContext().getUserPrincipal();
+            result = originalSecurityContext.getUserPrincipal();
         }
 
         return result;

http://git-wip-us.apache.org/repos/asf/shiro/blob/6d738af3/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/ShiroSecurityContextTest.groovy
----------------------------------------------------------------------
diff --git a/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/ShiroSecurityContextTest.groovy
b/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/ShiroSecurityContextTest.groovy
index 5d7e947..a90c555 100644
--- a/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/ShiroSecurityContextTest.groovy
+++ b/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/ShiroSecurityContextTest.groovy
@@ -41,12 +41,12 @@ class ShiroSecurityContextTest {
     void testIsSecure() {
         def requestContext = mock(ContainerRequestContext)
         def originalSecurityContext = mock(SecurityContext)
-        def shrioContext = new ShiroSecurityContext(requestContext)
 
         expect(requestContext.getSecurityContext()).andReturn(originalSecurityContext).anyTimes()
         expect(originalSecurityContext.isSecure()).andReturn(true)
         replay requestContext, originalSecurityContext
 
+        def shrioContext = new ShiroSecurityContext(requestContext)
         assertTrue shrioContext.isSecure()
 
         verify requestContext, originalSecurityContext
@@ -56,12 +56,12 @@ class ShiroSecurityContextTest {
     void testGetAuthenticationScheme() {
         def requestContext = mock(ContainerRequestContext)
         def originalSecurityContext = mock(SecurityContext)
-        def shrioContext = new ShiroSecurityContext(requestContext)
 
         expect(requestContext.getSecurityContext()).andReturn(originalSecurityContext).anyTimes()
         expect(originalSecurityContext.getAuthenticationScheme()).andReturn("https")
         replay requestContext, originalSecurityContext
 
+        def shrioContext = new ShiroSecurityContext(requestContext)
         assertEquals "https", shrioContext.getAuthenticationScheme()
 
         verify requestContext, originalSecurityContext
@@ -71,7 +71,6 @@ class ShiroSecurityContextTest {
     void testGetUserPrincipalWithString() {
         def requestContext = mock(ContainerRequestContext)
         def originalSecurityContext = mock(SecurityContext)
-        def shrioContext = new ShiroSecurityContext(requestContext)
         def subject = mock(Subject)
         ThreadContext.bind(subject)
 
@@ -80,6 +79,7 @@ class ShiroSecurityContextTest {
 
         replay requestContext, originalSecurityContext, subject
 
+        def shrioContext = new ShiroSecurityContext(requestContext)
         def resultPrincipal = shrioContext.getUserPrincipal()
         assertSame "TestUser", resultPrincipal.getName()
 
@@ -90,7 +90,6 @@ class ShiroSecurityContextTest {
     void testGetUserPrincipalNoPrincipal() {
         def requestContext = mock(ContainerRequestContext)
         def originalSecurityContext = mock(SecurityContext)
-        def shrioContext = new ShiroSecurityContext(requestContext)
         def subject = mock(Subject)
         ThreadContext.bind(subject)
 
@@ -100,6 +99,7 @@ class ShiroSecurityContextTest {
 
         replay requestContext, originalSecurityContext, subject
 
+        def shrioContext = new ShiroSecurityContext(requestContext)
         assertNull shrioContext.getUserPrincipal()
 
         verify requestContext, originalSecurityContext, subject
@@ -109,7 +109,6 @@ class ShiroSecurityContextTest {
     void testGetUserPrincipalPrincipalObject() {
         def requestContext = mock(ContainerRequestContext)
         def originalSecurityContext = mock(SecurityContext)
-        def shrioContext = new ShiroSecurityContext(requestContext)
         def subject = mock(Subject)
         ThreadContext.bind(subject)
 
@@ -118,6 +117,7 @@ class ShiroSecurityContextTest {
 
         replay requestContext, originalSecurityContext, subject
 
+        def shrioContext = new ShiroSecurityContext(requestContext)
         def resultPrincipal = shrioContext.getUserPrincipal()
         assertSame "Tester", resultPrincipal.getName()
 
@@ -128,7 +128,6 @@ class ShiroSecurityContextTest {
     void testUserInRoleTrue() {
         def requestContext = mock(ContainerRequestContext)
         def originalSecurityContext = mock(SecurityContext)
-        def shrioContext = new ShiroSecurityContext(requestContext)
         def subject = mock(Subject)
         ThreadContext.bind(subject)
 
@@ -137,6 +136,7 @@ class ShiroSecurityContextTest {
 
         replay requestContext, originalSecurityContext, subject
 
+        def shrioContext = new ShiroSecurityContext(requestContext)
         assertTrue shrioContext.isUserInRole("test-role")
 
         verify requestContext, originalSecurityContext, subject
@@ -146,7 +146,6 @@ class ShiroSecurityContextTest {
     void testUserInRoleFalse() {
         def requestContext = mock(ContainerRequestContext)
         def originalSecurityContext = mock(SecurityContext)
-        def shrioContext = new ShiroSecurityContext(requestContext)
         def subject = mock(Subject)
         ThreadContext.bind(subject)
 
@@ -155,6 +154,7 @@ class ShiroSecurityContextTest {
 
         replay requestContext, originalSecurityContext, subject
 
+        def shrioContext = new ShiroSecurityContext(requestContext)
         assertFalse shrioContext.isUserInRole("test-role")
 
         verify requestContext, originalSecurityContext, subject
@@ -164,7 +164,6 @@ class ShiroSecurityContextTest {
     void testPrincipalEquals() {
         def requestContext = mock(ContainerRequestContext)
         def originalSecurityContext = mock(SecurityContext)
-        def shrioContext = new ShiroSecurityContext(requestContext)
         def subject = mock(Subject)
         ThreadContext.bind(subject)
 
@@ -174,6 +173,7 @@ class ShiroSecurityContextTest {
 
         replay requestContext, originalSecurityContext, subject
 
+        def shrioContext = new ShiroSecurityContext(requestContext)
         def result1Principal = shrioContext.getUserPrincipal()
         def result2Principal = shrioContext.getUserPrincipal()
 

http://git-wip-us.apache.org/repos/asf/shiro/blob/6d738af3/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/SubjectPrincipalRequestFilterTest.groovy
----------------------------------------------------------------------
diff --git a/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/SubjectPrincipalRequestFilterTest.groovy
b/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/SubjectPrincipalRequestFilterTest.groovy
index 7ae75cd..ecaf028 100644
--- a/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/SubjectPrincipalRequestFilterTest.groovy
+++ b/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/SubjectPrincipalRequestFilterTest.groovy
@@ -22,6 +22,7 @@ import org.easymock.Capture
 import org.junit.Test
 
 import javax.ws.rs.container.ContainerRequestContext
+import javax.ws.rs.core.SecurityContext
 
 import static org.easymock.EasyMock.*
 import static org.junit.Assert.*
@@ -38,12 +39,14 @@ class SubjectPrincipalRequestFilterTest {
 
         def contextCapture = new Capture<ShiroSecurityContext>()
         def requestContext = mock(ContainerRequestContext)
+        def originalSecurityContext = mock(SecurityContext)
+        expect(requestContext.getSecurityContext()).andReturn(originalSecurityContext)
         expect(requestContext.setSecurityContext(capture(contextCapture)))
-        replay requestContext
+        replay requestContext, originalSecurityContext
 
         filter.filter(requestContext)
 
-        verify requestContext
+        verify requestContext, originalSecurityContext
         assertSame requestContext, contextCapture.value.containerRequestContext
     }
 


Mime
View raw message