killbill-memoizeit

util: fix StackOverflowError in DefaultSecurityApi See …

8/13/2014 11:49:15 AM

details in https://issues.apache.org/jira/browse/SHIRO-510.

The workaround is to skip login if the login attempt is for the same principal
as the current authenticated user. Unclear if it's the right fix, waiting for
feedback on the ticket.

Signed-off-by: Pierre-Alexandre Meyer <pierre@mouraf.org>

Pierre-Alexandre Meyer

Commit: 6e6d61c

Tree: 7defc53

Parents: 657a1e5

Changes

util/src/main/java/org/killbill/billing/util/security/api/DefaultSecurityApi.java 9(+8 -1)

Details

util/src/main/java/org/killbill/billing/util/security/api/DefaultSecurityApi.java 9(+8 -1)

diff --git a/util/src/main/java/org/killbill/billing/util/security/api/DefaultSecurityApi.java b/util/src/main/java/org/killbill/billing/util/security/api/DefaultSecurityApi.java
index a699084..5d0bc2b 100644
--- a/util/src/main/java/org/killbill/billing/util/security/api/DefaultSecurityApi.java
+++ b/util/src/main/java/org/killbill/billing/util/security/api/DefaultSecurityApi.java
@@ -40,9 +40,16 @@ public class DefaultSecurityApi implements SecurityApi {
     private static final String[] allPermissions = new String[Permission.values().length];
 
     @Override
-    public void login(final Object principal, final Object credentials) {
+    public synchronized void login(final Object principal, final Object credentials) {
         final Subject currentUser = SecurityUtils.getSubject();
 
+        // Workaround for https://issues.apache.org/jira/browse/SHIRO-510
+        // TODO Not sure if it's a good fix?
+        if (principal.equals(currentUser.getPrincipal()) &&
+            currentUser.isAuthenticated()) {
+            return;
+        }
+
         // UsernamePasswordToken is hardcoded in AuthenticatingRealm
         if (principal instanceof String && credentials instanceof String) {
             currentUser.login(new UsernamePasswordToken((String) principal, (String) credentials));