Hi
Mark,
Created.
http://opensource.atlassian.com/projects/spring/browse/SEC-374
What I
ended up with is somewhat project-specific but I can probably find the time to
write a patch later.
-Original Message-From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]On Behalf Of
Hi Jason,Thanks for the example... yes, for your case, the switch user filter does not filter the authorities... This would require an improvement to the current implementation to optionally filter target authorities.
I would suggest either creating a JIRA entry for this improvement, so we can sc
Hi
Mark,
Probably should have given an example... so I will
now.
Alice:
ROLE_ADMIN
Bob:
ROLE_NORMAL_USER, ROLE_USER_ONLY
I want
to allow Alice to impersonate Bob but not allow her to get specific types of
authorities.
So if
Alice impersonates Bob...
Alice:
ROLE_NORMAL_USER
--
Hi Jason,Can you clarify what you mean by"I want to be able to impersonate another
user (i.e. switch user) for a specific authority that I don't want to
allow when impersonating."Do you mean that once you switch to a user, you dont actually want to run with that target user's authorities?User A (ha