Hi.

I've granted permissions for a identity type for my few hibernate entitiy objects. Objects are instanes of different classes.

When I want to list all existing permission for this user using method listPermissions(IdentityType identityType) from PermissionManager class then result list contains entries with wrong filled 'resourceClass' field.

All Permission objects existing in result list have 'resourceClass' field set to class from first Permission object found by query.

---------------------

I think problem can be in implementation of JPAIdentityStore class, method List<Permission> listPermissions(IdentityContext ctx, IdentityPermission query) (line 1654)

In this case (when searching is perform by identity type) resourceClass parameter is not provided by IdentityPermission object.

That causes resourceClass variable is null until permissions adding do result list. In line 1709 there is start of loop, iteration by 'result' collection. In line 1739 there is a check if resourceClass is null. In first iteration this condition is true, so there is a change of 'resourceClass' variable value to class of first element in 'results' collection. Then new IdentityPermission object is added to 'perms' collection in 1763 line.

In next iteration resourceClass value is not null anymore, so there is not value changing to new class from next 'result'.

Next IdentityPermission object is added to 'perms' collection with wrong 'resourceClass' value.

In result, all Permission objects in result list have wrong 'resourceClass' value, which is copy of this value from first entry in this list.