I'm kicking off this thread for continued discussion on how to implement the AssumedIdentity/RunAs feature.
For now I'm assuming we'll put the method to assume another user's identity directly in the existing Subject interface - no sub-interface.

Also, something I was thinking about this morning was that a stack might be needed to 'remember' the assumed identities if there are multiple calls:

    Subject subject = securityManager.getSubject();
    subject.assumeIdentity( foo );
    // ... some code
    subject.assumeIdentity( bar );

This would allow functionality like 'su' in Unix, where you could assume a user's identity any number of times:

    > # login as originalUser here
    > su someUser
    > ...
    > su anotherUser ..
    > exit (drops you back to 'someUser' here)
    > ...
    > exit (drops you back to 'originalUser' here)

This means the SecurityManager or the DelegatingSubject (or both) needs to be aware of this stack. I haven't quite figured out how this would work yet, or how it would work in a RememberMe context, but I wanted to jot down my ideas here for the record and to allow any feedback.

- Les
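The stack idea from the message above, as an added sketch that is not part of the original post and not the project's code. StackedSubject, releaseAssumedIdentity(), getAuthenticatedPrincipal() and isRunAs() are hypothetical names, and principals are plain strings for brevity; only assumeIdentity() comes from the message.

```java
import java.util.ArrayDeque;
import java.util.Deque;

// Hypothetical sketch: every name except assumeIdentity() is an assumption.
public class RunAsStackDemo {

    static final class StackedSubject {
        private final String authenticated;                       // who actually logged in
        private final Deque<String> assumed = new ArrayDeque<>(); // top = current identity

        StackedSubject(String authenticatedPrincipal) {
            this.authenticated = authenticatedPrincipal;
        }

        // Like 'su': push the new identity on top of whatever is current.
        void assumeIdentity(String principal) {
            if (principal == null || principal.isEmpty()) {
                throw new IllegalArgumentException("principal required");
            }
            assumed.push(principal);
        }

        // Like 'exit': pop one level. The authenticated identity is never popped.
        String releaseAssumedIdentity() {
            if (assumed.isEmpty()) {
                throw new IllegalStateException("no assumed identity to release");
            }
            return assumed.pop();
        }

        // The identity that checks should currently be evaluated against.
        String getPrincipal() {
            return assumed.isEmpty() ? authenticated : assumed.peek();
        }

        // Kept separate so audit logs can record who is really acting.
        String getAuthenticatedPrincipal() { return authenticated; }

        boolean isRunAs() { return !assumed.isEmpty(); }
    }

    public static void main(String[] args) {
        StackedSubject subject = new StackedSubject("originalUser");
        subject.assumeIdentity("someUser");
        subject.assumeIdentity("anotherUser");
        System.out.println(subject.getPrincipal() + " (really " + subject.getAuthenticatedPrincipal() + ")");
        subject.releaseAssumedIdentity();   // back to someUser
        System.out.println(subject.getPrincipal());
        subject.releaseAssumedIdentity();   // back to originalUser
        System.out.println(subject.getPrincipal() + ", runAs=" + subject.isRunAs());
    }
}
```

Releasing with an empty stack throws rather than silently dropping the authenticated identity, so an unbalanced 'exit' cannot leave the subject without a principal.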
