Hi Les.

2009/1/30 Les Hazlewood <[email protected]>:
> On second thought, maybe 'assumeIdentity' is just that - the Principal is
> assumed and everything else about 'bob's Subject state (session,
> authentication, etc) is retained.

That's what I'd suggest and what I implemented.
BTW: I never got feedback about the files I attached to JIRA (or I missed it).

>> subject.getPrincipals()

If I understood correctly, the first item in the PrincipalCollection
is the main Principal (i.e. the one used with authorization).
So, I figured, the assumed identity's principal has to be prepended to
the original PrincipalCollection.

For the other methods, I'd say, just leave them.

> The 'stack like' functionality might be cause for a separate feature in the
> future, say 'switchUser' to mimic a full stack-like behavior like what I
> outlined originally, if users actually desire such a feature.

That's what "substitute user" (Unix-ish) would be, right?
Reminding you of some previous discussion, I think this is what we
agreed on (or stopped discussing):

All we do is "assume the identity of another subject". We do not
"substitute the user" in their entirety.
As the difference is so subtle (to me), I'd still recommend the "act
on behalf of" naming, which IMHO makes it easier to distinguish.
But beware: I'm no native English speaker, so my perception of
"subtleties" may be completely out of balance ;-)

> Feedback is still welcome ;)

You asked for it... ;-)

Cheers,
DJ
