[SHIRO-156] SimpleAuthenticationInfo.merge does not merge principals if its internal principal collection is not mutable - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 0.9
Fix Version/s: 1.0.0
Component/s: Authentication (log-in)
Labels:
None

Description

In SimpleAuthenticationInfo.merge(AuthenticationInfo), there is the following code:

        if (this.principals == null) {
            this.principals = info.getPrincipals();
        } else {
            if (this.principals instanceof MutablePrincipalCollection) {
                ((MutablePrincipalCollection) this.principals).addAll(info.getPrincipals());
            } else {
                this.principals = new SimplePrincipalCollection(this.principals);
            }
        }

The logic in the nested else block appears incorrect. If the current "principals" collection is not MutablePrincipalCollection, a new SimplePrincipalCollection, which is mutable, is constructed from it. However, it does not copy the principals from other.getPrincipals(), which by that point in the method is known to be non-null and non-empty, after it makes a mutable principal collection.

Attachments

Activity

People

Assignee:: Kalle Korhonen

Reporter:: Bryan Turner

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 09/May/10 04:21

Updated:: 11/Jun/10 22:01

Resolved:: 15/May/10 05:45