RunAs retains the original identity. If you are 'running as' another identity, you can get the previous identity by calling Subject.getPreviousPrincipals().

Note that this will only give you the identity. It will not make the current runAs Subject 'act' as the previous user also (i.e. any subject.isPermitted and hasRole calls will reflect the current runAs user's state - not a blended view of both the runAs user and the previous 'original' user).

If this still doesn't meet your needs, have you evaluated the possibility of the security model changing a bit to support this a little cleaner (if possible)? It is very odd (at least in my experience) to have a user log in and then have to log in again to the same application with a different account in the same session. The requirements you hint at are almost always handled with permission and role mappings - not with switching or merging individual user accounts.

'Run As' as a feature is great for scenarios where an admin needs to assume the identity of a normal user so they can experience the same thing as the target user as if they had logged in for themselves - it helps w/ customer support or debugging, etc.

I don't know the ins and outs of your application obviously, but it's food for thought - only trying to help.

Les

On Tue, Jun 22, 2010 at 10:19 AM, nmetzger <[email protected]> wrote:
>
> Hi Les,
>
> I looked into both those options, but they don't seem to fit my
> requirements: In both cases the subject doesn't retain the original
> permissions, and I need those. Or did I overlook something in "runAs"? When
> I tried it, all my permissions were gone.
>
> Thanks for your help,
> Natalie
>
>
> Les Hazlewood-2 wrote:
> >
> > Hi Natalie,
> >
> > You can do this in a couple of ways:
> >
> > 1. Use Shiro's 'runAs' feature (Subject.runAs*) to 'run as' the Admin user
> >    after they give the correct username/password).
> > 2. Just call subject.login again with the admin principals and credentials.
> >    Note that with this approach, the subject will 'lose' the previous subject
> >    identity.
> >
> > HTH,
> >
> > Les
> >
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/authentication-as-user-and-admin-tp5208454p5209897.html
> Sent from the Shiro User mailing list archive at Nabble.com.
>
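
The runAs behaviour described in the reply above, as an added example that is not code from the thread or from the Shiro project: role checks follow the assumed identity while getPreviousPrincipals() still exposes the original one. The realm name, accounts and passwords are constructed for the demo, and it assumes shiro-core and its dependencies are on the classpath.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;

public class RunAsDemo {
    public static void main(String[] args) {
        // Constructed realm: "admin" holds role "admin", "alice" holds role "user".
        SimpleAccountRealm realm = new SimpleAccountRealm("demoRealm");
        realm.addAccount("admin", "admin-secret", "admin");
        realm.addAccount("alice", "alice-secret", "user");
        DefaultSecurityManager securityManager = new DefaultSecurityManager(realm);
        SecurityUtils.setSecurityManager(securityManager);

        Subject subject = SecurityUtils.getSubject();
        subject.login(new UsernamePasswordToken("admin", "admin-secret"));

        // Gate impersonation: throws AuthorizationException unless the caller is an admin.
        subject.checkRole("admin");
        subject.runAs(new SimplePrincipalCollection("alice", "demoRealm"));

        // Authorization now reflects alice only; admin's roles are not blended in.
        System.out.println("effective principal: " + subject.getPrincipal());
        System.out.println("hasRole(admin): " + subject.hasRole("admin"));
        System.out.println("hasRole(user):  " + subject.hasRole("user"));

        // The original identity is still available, e.g. for an audit log entry.
        PrincipalCollection original = subject.getPreviousPrincipals();
        System.out.println("original principal: " + original.getPrimaryPrincipal());

        // A check against the original identity has to be made explicitly;
        // it is a separate decision, not part of the runAs subject's state.
        boolean originalIsAdmin = securityManager.hasRole(original, "admin");
        System.out.println("original hasRole(admin): " + originalIsAdmin);

        // End the impersonation; the subject reverts to the admin identity.
        subject.releaseRunAs();
        System.out.println("after release: " + subject.getPrincipal()
                + ", isRunAs=" + subject.isRunAs());
    }
}
```

Logging both the effective and the original principal for every action taken during a runAs session keeps impersonated activity attributable to the admin who performed it.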
