Hi Jason,

Thanks for the example...  yes, for your case, the switch user filter does not filter the authorities...  This would require an improvement to the current implementation to optionally filter target authorities.

I would suggest either creating a JIRA entry for this improvement, so we can schedule and plan it

http://opensource.atlassian.com/projects/spring/browse/SEC?report=com.atlassian.jira.plugin.system.project:roadmap-panel

Or extending the current Filter for your particular needs.

Also if you wanted to submit a patch to JIRA, that would also be more than welcome.

Cheers
Mark


On 10/10/06, Jason Yip <[EMAIL PROTECTED]> wrote:
Hi Mark,
 
Probably should have given an example... so I will now.
 
Alice: ROLE_ADMIN
Bob: ROLE_NORMAL_USER, ROLE_USER_ONLY
 
I want to allow Alice to impersonate Bob but not allow her to get specific types of authorities.
 
So if Alice impersonates Bob...
 
Alice: ROLE_NORMAL_USER
 
----
I want to be able to apply an "authority filter" to a switch user operation such that an impersonator will run with all the target user's authorities except for any authority that matches a particular pattern.  This is because those particular authorities are "special", "dangerous", etc.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Mark St.Godard
Sent: Tuesday, 10 October 2006 9:24 PM
To: acegisecurity-developer@lists.sourceforge.net
Subject: Re: [Acegisecurity-developer] SwitchUserProcessingFilter that doesn't quite switch everything

Hi Jason,

Can you clarify what you mean by

"I want to be able to impersonate another user (i.e. switch user) for a specific authority that I don't want to allow when impersonating."

Do you mean that once you switch to a user, you don't actually want to run with that target user's authorities?

User A (has) ROLE_ADMIN
User B (has) ROLE_CUSTOMER

User A switches to User B,  what authorities should (he/she) have?

Cheers
Mark

On 10/10/06, Jason Yip < [EMAIL PROTECTED]> wrote:

I want to be able to impersonate another user (i.e. switch user) for a specific authority that I don't want to allow when impersonating.

At this point it looks like I need to copy and modify SwitchUserProcessingFilter as it doesn't seem to have the extension points to easily support this.

Am I missing something?  Is there another way to implement this kind of partial impersonation?



-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer
mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
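
The authority filter requested in this thread, as an added standalone Java example (not code from the thread or from Acegi Security). The class name `SwitchAuthorityFilter`, the `ROLE_.*_ONLY` pattern and the choice to refuse a switch that would leave no authorities are assumptions made for illustration; authorities are modelled as plain strings.

```java
import java.util.*;
import java.util.regex.Pattern;

/** Standalone sketch; SwitchAuthorityFilter is a hypothetical name, not an Acegi class. */
public class SwitchAuthorityFilter {
    private final List<Pattern> denied = new ArrayList<>();

    /** Each expression must match a whole authority name to exclude it. */
    public SwitchAuthorityFilter(String... deniedRegexes) {
        for (String regex : deniedRegexes) {
            denied.add(Pattern.compile(regex));
        }
    }

    /** Authorities the impersonator runs with: the target's, minus denied ones. */
    public Set<String> filter(Collection<String> targetAuthorities) {
        Set<String> granted = new TreeSet<>();
        for (String authority : targetAuthorities) {
            if (!isDenied(authority)) {
                granted.add(authority);
            }
        }
        // Assumed policy: fail closed. A switch that would leave no authorities
        // is refused instead of producing an empty, ambiguous session.
        if (granted.isEmpty()) {
            throw new IllegalStateException("switch refused: no authorities left after filtering");
        }
        return Collections.unmodifiableSet(granted);
    }

    private boolean isDenied(String authority) {
        for (Pattern p : denied) {
            // matches() requires the whole name to match, so a short pattern
            // cannot exclude (or be bypassed by) a partial substring hit.
            if (p.matcher(authority).matches()) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed data taken from the example in the thread: Bob is the switch target.
        List<String> bob = Arrays.asList("ROLE_NORMAL_USER", "ROLE_USER_ONLY");
        SwitchAuthorityFilter filter = new SwitchAuthorityFilter("ROLE_.*_ONLY");
        System.out.println("Alice as Bob: " + filter.filter(bob));
    }
}
```

The filter starts from the target user's authorities only, so none of the impersonator's own authorities (Alice's `ROLE_ADMIN`) carry into the switched session.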




