Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-420

Allow a configurable strategy to backup runAs() informations

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.2.1
    • Fix Version/s: None
    • Component/s: Configuration
    • Labels:
      None

      Description

      Subject.runAs() saves current subject principal in a stack into user session ; this saved information will be popped by Subject.releaseRunAs().
      Thus Subject.runAs() is not usable with the noSessionFilter.
      Use of session may not always be desirable (in case of stateless web application where no session should be created).

      Alternatively it would be interesting to be able to configure the way runAs() informations are saved.
      A RunAsManager (or something similar) in the SecurityManager that could be consulted for runAs operations. Then you could plug in a persistence strategy, whether it be via the session or something else.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              momaison Maison
            • Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: