GitHub user snoopdave opened a pull request:
https://github.com/apache/usergrid/pull/526
Better Shiro permission cache key logic
The original cache key logic did not work well when the principal was not a
user (e.g. application or organization credentials) and because of that it was
possible for a guest user to use the same cache key as an application or
organization, and possibly gain the same level of access.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/snoopdave/usergrid shiro-cache-key-fix
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/usergrid/pull/526.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #526
----
commit e2ebc468b2e72cb9cec98bd8f91ee07d507d1c59
Author: Dave Johnson <[email protected]>
Date: 2016-05-20T02:39:05Z
Better Shiro cache key logic
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
