Normally, when we want to implement a piece of MMBase functionality (e.g.I totally agree that we lack functionality here, but i am missing some functionality in your implementation.
some scheduled job), we want to use 'bridge', because its much cleaner
interface. But to use bridge, you need to be logged on. So not seldomly, we
see code to acquire a Cloud, where authentication credententials are
hard-coded.
I myselve was more thinking about the following sollution:
Object ExecuteAs(UserContext user, SuduInterface toExecute)
Object ExecuteAs(SuduInterface toExecute, string UserId)
Object ExecuteAs(UserContext user, SuduInterface toExecute, string UserId)
and the interface:
public interface SuduInterface {
public Object secureRun(CloudContext);
}Ofcourse this has to be wrapped by the cloud.
Personally i like the idea that:
- Classes that wantto execute code as an user have to implement a certain interface
- The execution of classes should be a trival part of MMBase and should therefore not be made implementation dependend, but it should be integrated into the interface. Using the login with a method "classes" is not the way we should look at this for future usage.
- How are you going to check if the class that retrieved the UserContext is the same as which is doing the operations? (i dont think that looking at the trace is sufficent enough)
