[
https://issues.apache.org/jira/browse/SHIRO-420?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15095147#comment-15095147
]
Amol Deshmukh commented on SHIRO-420:
-------------------------------------
I share the same concern as the reporter. We have a stateless application which
needs to support delegation.
I wonder if this could simply be supported using ThreadLocal storage for the
stack of runAs principals? Or perhaps allow a way to configure/plugin a
strategy for managing the runAs stack.
> Allow a configurable strategy to backup runAs() informations
> ------------------------------------------------------------
>
> Key: SHIRO-420
> URL: https://issues.apache.org/jira/browse/SHIRO-420
> Project: Shiro
> Issue Type: Improvement
> Components: Configuration
> Affects Versions: 1.2.1
> Reporter: Maison
>
> Subject.runAs() saves current subject principal in a stack into user session
> ; this saved information will be popped by Subject.releaseRunAs().
> Thus Subject.runAs() is not usable with the noSessionFilter.
> Use of session may not always be desirable (in case of stateless web
> application where no session should be created).
> Alternatively it would be interesting to be able to configure the way runAs()
> informations are saved.
> A RunAsManager (or something similar) in the SecurityManager that could be
> consulted for runAs operations. Then you could plug in a persistence
> strategy, whether it be via the session or something else.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
