[
https://issues.apache.org/jira/browse/ISIS-2550?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17292059#comment-17292059
]
Andi Huber commented on ISIS-2550:
----------------------------------
Is it safe to say, that impersonation also only makes sense in the context of
Wicket- and Vaadin-Viewer, but not when integration testing or with the RO
Viewer?
If so the HttpSession can be used to store impersonation information.
If we can use the HttpSession to store impersonation information, than its easy
to add a bit of logic to the SudoService that knows how to load and store
impersonation information from and to the HttpSession. Which in turn can be
used during the request/response cycle when the first authentication layer gets
created.
> Add support for impersonation
> -----------------------------
>
> Key: ISIS-2550
> URL: https://issues.apache.org/jira/browse/ISIS-2550
> Project: Isis
> Issue Type: Improvement
> Components: Isis Core
> Reporter: Andi Huber
> Priority: Major
> Fix For: 2.0.0-M6
>
>
> Impersonation works at the very bottom level of the authentication stack,
> that is, we would want the very first authentication layer that is pushed
> onto the stack to be impersonated; maybe we can account for that by extending
> the API and not changing the design.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
