Mapper instance should not be cached in the policy, as per comment
Signed-off-by: Arjan Tijms <[email protected]>
arjantijms committed Mar 18, 2024
1 parent de76b2c commit 0e5c663
Showing 1 changed file with 2 additions and 10 deletions.
Expand Up @@ -65,7 +65,7 @@ public boolean impliesByRole(Permission permissionToBeChecked, Subject subject)
// Note that these are obtained for the current (application) context ID, and this policy could potentially
// be used for multiple context IDs. Therefore these objects should not be cached as instance data of this policy.
PolicyConfiguration policyConfiguration = getPolicyConfigurationFactory().getPolicyConfiguration();
PrincipalMapper roleMapper = getRoleMapper();
PrincipalMapper roleMapper = PolicyContext.get(PRINCIPAL_MAPPER);

if (!roleMapper.isAnyAuthenticatedUserRoleMapped() && !subject.getPrincipals().isEmpty()) {
// The "any authenticated user" role is not mapped, so available to anyone and the current
Expand Down Expand Up @@ -93,7 +93,7 @@ public PermissionCollection getPermissionCollection(Subject subject) {
Permissions permissions = new Permissions();

PolicyConfiguration policyConfiguration = getPolicyConfigurationFactory().getPolicyConfiguration();
PrincipalMapper roleMapper = getRoleMapper();
PrincipalMapper roleMapper = PolicyContext.get(PRINCIPAL_MAPPER);

PermissionCollection excludedPermissions = policyConfiguration.getExcludedPermissions();

Expand Down Expand Up @@ -125,14 +125,6 @@ private PolicyConfigurationFactory getPolicyConfigurationFactory() {
return policyConfigurationFactory;
}

private PrincipalMapper getRoleMapper() {
if (principalMapper == null) {
principalMapper = PolicyContext.get(PRINCIPAL_MAPPER);
}

return principalMapper;
}

private boolean isExcluded(PermissionCollection excludedPermissions, Permission permission) {
if (excludedPermissions.implies(permission)) {
return true;
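Review bot: In impliesByRole the result of `PolicyContext.get(PRINCIPAL_MAPPER)` is dereferenced by the very next statement (`roleMapper.isAnyAuthenticatedUserRoleMapped()`) with no check, and getPermissionCollection relies on the same lookup. Now that the mapper is resolved on every authorization decision, a context with no mapper registered would presumably surface as a NullPointerException inside the policy rather than as an explicit, diagnosable denial. Whether the lookup can return null is not visible on this page; if it can, fail closed with a clear message, e.g. `if (roleMapper == null) { throw new IllegalStateException("No PrincipalMapper for the current policy context"); }`. The 10 deletions in the diffstat are fully accounted for by the two replaced lines and the removed getter, so the `principalMapper` field itself appears to remain declared; dropping it would stop the per-instance caching that the comment warns against from being reintroduced. Both method bodies continue outside the shown hunks.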