Laird Nelson wrote:
>
> An extremely common web application requirement is that a customer
> service representative be able to "masquerade" as the user who's having
> problems, but to retain the privileges of a CSR. So CSR Fred should be
> able to "fake out" the system into thinking that he's really User In
> Trouble Joe, able to see Joe's session data, access beans that are
> restricted to roles that Joe plays, etc. but should also be able to get
> to places that are restricted to CSRs.
Roles is not a problem. Put Fred CSR in the *CSR* role, make sure
anything Joe can do, Fred CSR can do as well. Problem solved.
arkin
> I do not see that the Servlet 2.2 specification or the EJB specification
> 1.1 handle this very common requirement. I can think of several
> workarounds, but they essentially involve duplicating parts of the
> automatic session management that is supposed to be the Big Thing that
> makes the servlet 2.2 specification worthwhile. Can anyone figure out a
> way to do this without having to write session management themselves?
>
> Cheers,
> Laird
>
> ===========================================================================
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff EJB-INTEREST". For general help, send email to
> [EMAIL PROTECTED] and include in the body of the message "help".
--
----------------------------------------------------------------------
Assaf Arkin www.exoffice.com
CTO, Exoffice Technologies, Inc. www.exolab.org
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
