Hi
Right after SecurityUtils.getSubject().runAs(new new
SimplePrincipalCollection(){...})
SecurityUtils.getSubject().getPrincipal() returns correct new Principal
SecurityUtils.getSubject()..getPreviousPrincipals() returns correct original
Principal
but DefaultSubjectDAO merge principals in method
protected void mergePrincipals(Subject subject) {
PrincipalCollection currentPrincipals = subject.getPrincipals();
...
if (session == null) {
...
} else {
PrincipalCollection existingPrincipals = (PrincipalCollection)
session.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
if (CollectionUtils.isEmpty(currentPrincipals)) {
...
} else {
if (!currentPrincipals.equals(existingPrincipals)) {
session.setAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY,
currentPrincipals);
}
}
}
and after that
SecurityUtils.getSubject().getPrincipal() and
SecurityUtils.getSubject().getPreviousPrincipals() both returns new
Principal - this is wrong behavior
Your thoughts and time on this will be of much help.
Thank you
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/Shiro1-2-runAs-feature-doesn-t-works-tp7239255p7239255.html
Sent from the Shiro User mailing list archive at Nabble.com.
