[SHIRO-661] Add check for the principal of subject whether is null #90
Thanks @plx927! I'm thinking we should probably update the current |
retest this please |
Refer to this link for build results (access rights to CI server needed): Build result: FAILURE. Setting status of 9c58d30 to FAILURE with url https://builds.apache.org/job/Shiro-pr/12/ and message: 'FAILURE'. Using context: Jenkins: mvn clean install |
retest this please |
Refer to this link for build results (access rights to CI server needed): |
I created a Jira for this: |
@bdemers as we have no update about the user, can I merge this and make the update in the |
@fpapon I think we would want to figure out how/why a subject is authenticated without a principal. Possibly making the default |
@bdemers ok, if I understand the use case, this is about the serialization of the |
AHH!! maybe adding the null check to |
Yes I think so :) |
I think we could add shiro/core/src/main/java/org/apache/shiro/subject/support/DelegatingSubject.java Line 297 in 22a2612
|
9c58d30 to 148eeb7
Refer to this link for build results (access rights to CI server needed): |
When the session is based on the servlet container (such as Tomcat), if the subject is authenticated, the session will contain AUTHENTICATED_SESSION_KEY and PRINCIPALS_SESSION_KEY. When the servlet container is closed, it may persist the session.
But if the principal is not serializable, it will not be persisted; when the server restarts, the session will only contain the AUTHENTICATED_SESSION_KEY info, and the PRINCIPALS_SESSION_KEY will be lost. It means the subject is authenticated, but the subject does not have a principal. If the user code is
Recently, such a case happened in my project, so I think adding a check for whether the principal of the subject is null can make the application more powerful.