Merge pull request #220 from bmhm/SHIRO-551 [SHIRO-551] Implement toString() for DelegatingSubject.java.

commit: 8e3042fc9499a3fc1052de7b604a237c83a255b3 [log] [tgz]
author: François Papon <fpapon@apache.org> Sun Jul 05 17:38:23 2020 +0200
committer: GitHub <noreply@github.com> Sun Jul 05 17:38:23 2020 +0200
tree: ec9c30354418b9830e9acc09bbf1370b9af9897c
parent: 76d22f85871ccf67f6c266ab59018ce52b861f60 [diff]
parent: 062c8e383b8f657c0b6ff735018d85a2e74d4322 [diff]
diff --git a/core/src/main/java/org/apache/shiro/subject/support/DelegatingSubject.java b/core/src/main/java/org/apache/shiro/subject/support/DelegatingSubject.java
index 5581b7a..d3040d1 100644
--- a/core/src/main/java/org/apache/shiro/subject/support/DelegatingSubject.java
+++ b/core/src/main/java/org/apache/shiro/subject/support/DelegatingSubject.java

@@ -41,6 +41,7 @@
 
 import java.util.Collection;
 import java.util.List;
+import java.util.StringJoiner;
 import java.util.concurrent.Callable;
 import java.util.concurrent.CopyOnWriteArrayList;
 
@@ -515,4 +516,16 @@
 
         return popped;
     }
+
+    @Override
+    public String toString() {
+        return new StringJoiner(", ", "DelegatingSubject{", "}")
+            .add("principals=" + principals)
+            .add("authenticated=" + authenticated)
+            .add("host='******")
+            .add("session='******'")
+            .add("sessionCreationEnabled=" + sessionCreationEnabled)
+            .add("securityManager=" + securityManager)
+            .toString();
+    }
 }

diff --git a/core/src/test/java/org/apache/shiro/subject/DelegatingSubjectTest.java b/core/src/test/java/org/apache/shiro/subject/DelegatingSubjectTest.java
index ee04e6d..2bc0bbe 100644
--- a/core/src/test/java/org/apache/shiro/subject/DelegatingSubjectTest.java
+++ b/core/src/test/java/org/apache/shiro/subject/DelegatingSubjectTest.java

@@ -216,4 +216,25 @@
 
         LifecycleUtils.destroy(sm);
     }
+
+    @Test
+    public void testToString() {
+        // given
+        String username = "jsmith";
+
+        DefaultSecurityManager securityManager = new DefaultSecurityManager();
+        PrincipalCollection identity = new SimplePrincipalCollection(username, "testRealm");
+        final String hostname = "localhost";
+        final DelegatingSubject sourceSubject = new DelegatingSubject(identity, true, hostname, null, securityManager);
+
+        // when
+        final String subjectToString = sourceSubject.toString();
+
+        // then
+        final Session session = sourceSubject.getSession(true);
+        String sesionId = (String) session.getId();
+        assertFalse("toString must not leak sessionId", subjectToString.contains(sesionId));
+        assertFalse("toString must not leak host", subjectToString.contains(hostname));
+    }
+
 }
commit	8e3042fc9499a3fc1052de7b604a237c83a255b3	[log] [tgz]
author	François Papon <fpapon@apache.org>	Sun Jul 05 17:38:23 2020 +0200
committer	GitHub <noreply@github.com>	Sun Jul 05 17:38:23 2020 +0200
tree	ec9c30354418b9830e9acc09bbf1370b9af9897c
parent	76d22f85871ccf67f6c266ab59018ce52b861f60 [diff]
parent	062c8e383b8f657c0b6ff735018d85a2e74d4322 [diff]