I tried to see if I could start implementing this feature today, and I
reviewed this post again. Any feedback as to if we should store the assumed
identity in the session and be done with it? Or should it be stack-like as
described in my original post?
For some reason I feel we should be able to support stack-like behavior.
But here's the real question: When assuming another user's identity, what
about the other methods not entirely based on a principal?
For example, let's say I did this, as user 'bob':
Subject subject = SecurityUtils.getSubject();
//subject currently represents the 'original/owning' user, 'bob'.
//assume joe's identity:
subject.assumeIdentity("joe");
Now that we've done that, what happens should any of the following methods
be called? We've only really talked about what happens when getPrincipal()
is called, not these:
subject.isAuthenticated()
subject.getPrincipals()
subject.getSession() / subject.getSession(false);
subject.login(...)
subject.logout();
Do these methods function based on bob's authentication status and session
Or joe's? What if login and/or login is called? What should be the
expected behavior?
Then the issue of the session - if a new session is created while assuming
joe's identity, any session operations in 'joes' session should also update
the timestamp of the original 'bob' session to ensure it doesn't time out so
it is still available after relinquishing the 'joe' identity.
These are some of the things to consider when choosing a 'correct' approach.
Any feedback? Ideas?
Thanks,
Les
On Wed, Jan 14, 2009 at 9:51 AM, Les Hazlewood <[email protected]>wrote:
> I'm kicking off this thread for continued discussion on how to implement
> the AssumedIdentity/RunAs feature.
>
> For now I'm assuming we'll put the method to assume another user's identity
> directly in the existing Subject interface - no sub-interface.
>
> Also something I was thinking about this morning was a stack might be
> needed to 'remember' the assumed identities if there are multiple calls:
>
> Subject subject = securityManager.getSubject();
> subject.assumeIdentity( foo );
> ... some code
> subject.assumeIdentity( bar );
>
> This would allow functionality like 'su' in unix, where you could assume a
> user's identity any number of times:
>
> > # login as originalUser here
>
> > su someUser
> > ...
> > su anotherUser
> ..
> > exit
> (drops you back to 'someUser' here)
> > ...
> > exit
> (drops you back to 'originalUser' here)
>
> This means the SecurityManager or the DelegatingSubject (or both) needs to
> be aware of this stack. I haven't quite figured out how this would work
> yet, or how it would work in a RememberMe context, but I wanted to jot down
> my ideas here for record and to allow any feedback.
>
> - Les
>
