
Sebastian Sdorra committed 8504789

improve security of administration context

  • Parent commits 654dcf1
  • Branches apache-shiro


Files changed (1)

File scm-webapp/src/main/java/sonia/scm/web/security/DefaultAdministrationContext.java

 
     Subject subject = SecurityUtils.getSubject();
 
+    String principal = (String) subject.getPrincipal();
+
     if (logger.isInfoEnabled())
     {
       String username = null;
 
       if (subject.isAuthenticated())
       {
-        username = subject.getPrincipal().toString();
+        username = principal;
       }
       else
       {
         logger.debug("release runas for user {}",
           collection.getPrimaryPrincipal());
       }
+
+      if (!subject.getPrincipal().equals(principal))
+      {
+        logger.error("release runas failed, {} is not equal with {}, logout.",
+          subject.getPrincipal(), principal);
+        subject.logout();
+      }
     }
   }
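Review bot: The added release check `subject.getPrincipal().equals(principal)` throws a NullPointerException when the subject has no principal after the runAs is released, so on that path the mismatch is never logged and `subject.logout()` is never reached. The surrounding code already allows for an unauthenticated subject, so the comparison should be null-safe, e.g. `Object current = subject.getPrincipal();` followed by `if (current == null ? principal != null : !current.equals(principal))`. The new `(String) subject.getPrincipal()` cast also assumes every realm supplies a String principal; holding it as `Object` and using `String.valueOf(principal)` for the log message avoids a ClassCastException before the privileged action runs. The page has dropped the hunk boundaries, so the block enclosing the check is not visible here; it should sit outside any log-level guard so that it runs regardless of the logging configuration.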