An extremely common web application requirement is that a customer
service representative be able to "masquerade" as the user who's having
problems, but to retain the privileges of a CSR. So CSR Fred should be
able to "fake out" the system into thinking that he's really User In
Trouble Joe, able to see Joe's session data, access beans that are
restricted to roles that Joe plays, etc., but should also be able to get
to places that are restricted to CSRs.

I do not see that the Servlet 2.2 specification or the EJB specification
1.1 handle this very common requirement. I can think of several
workarounds, but they essentially involve duplicating parts of the
automatic session management that is supposed to be the Big Thing that
makes the Servlet 2.2 specification worthwhile. Can anyone figure out a
way to do this without having to write session management themselves?

Cheers,
Laird