Hey guys,
I was just wondering the status of 'Run As' support (Assume Identity, I
think there where a few other terms that where thrown around too)
https://issues.apache.org/jira/browse/SHIRO-25
I took a look at that patches and reread the previous threads. I am
assuming this isn't going to make the 1.0 ( can we bump the jira 'fix for'
version? )
To get this support in the past. I have done the following:
DelegatingSubject fakeLoggedInSubject = new DelegatingSubject(
principal, /* authenticated */ true, null, null, /* Non-web */
securityManager );
// fake the login
ThreadContext.bind( fakeLoggedInSubject );
We are not using this in production yet, but in my web app I need to use two
different SecurityManagers, one for the Web (bound to http requests) and the
default one, for this 'run as' support. We would be using the 'run as' to
run scheduled task (so there is no access to http requests)
Are there flaws behind this approach?
Will / does the the official support for this get around the
WebSecurityManagers need for a http request?
Thanks,
Brian
