Return-Path: Delivered-To: apmail-incubator-shiro-dev-archive@www.apache.org Received: (qmail 20330 invoked from network); 11 May 2010 13:33:58 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 11 May 2010 13:33:58 -0000 Received: (qmail 76779 invoked by uid 500); 11 May 2010 13:33:58 -0000 Delivered-To: apmail-incubator-shiro-dev-archive@incubator.apache.org Received: (qmail 76743 invoked by uid 500); 11 May 2010 13:33:57 -0000 Mailing-List: contact shiro-dev-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: shiro-dev@incubator.apache.org Delivered-To: mailing list shiro-dev@incubator.apache.org Received: (qmail 76735 invoked by uid 99); 11 May 2010 13:33:57 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 11 May 2010 13:33:57 +0000 X-ASF-Spam-Status: No, hits=0.6 required=10.0 tests=AWL,FREEMAIL_FROM,HTML_MESSAGE,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of brian.demers@gmail.com designates 209.85.160.175 as permitted sender) Received: from [209.85.160.175] (HELO mail-gy0-f175.google.com) (209.85.160.175) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 11 May 2010 13:33:50 +0000 Received: by gya1 with SMTP id 1so2474025gya.6 for ; Tue, 11 May 2010 06:33:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:date:message-id :subject:from:to:content-type; bh=EqR2RxvsIAMrJTFQiwfUGVwNR3MTHYiletQW06f1yBA=; b=WXRP0MDVGGWN7ejsQktColnWOzhKeqQvOM8kzdCYIVRdkbTsRSRTMDHzRH+zH5HTQ8 ajZo0lLvRYxbH8aFt8u580wzNUBTkHKpBXS7bLT1K91dNvW2cm1RVvMU8qLcZJtI6+Oz FyNW2rpkN9zwtKeVdZkDUq5CYAD7MifQymFJo= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=eDwS50u7kbDhTp3zSvxFByNMIzkr4YOUS4FHCPRcj5BXF0gMklG2WbtluaJvzAfAaH ZzNwETukpUHR+cwaP+Fz19srL5Kgi+QgJyrlK9iyMevcA9C5OSrEVulkpfQbB8CemPYE zluQaw6/HMQ60hQnNxem5x/zwq4udd/KGaac0= MIME-Version: 1.0 Received: by 10.150.160.19 with SMTP id i19mr8807931ybe.448.1273584807823; Tue, 11 May 2010 06:33:27 -0700 (PDT) Received: by 10.150.206.20 with HTTP; Tue, 11 May 2010 06:33:27 -0700 (PDT) Date: Tue, 11 May 2010 09:33:27 -0400 Message-ID: Subject: Status of 'Run As'? From: Brian Demers To: shiro-dev@incubator.apache.org Content-Type: multipart/alternative; boundary=000e0cd733f80ff715048651929e --000e0cd733f80ff715048651929e Content-Type: text/plain; charset=ISO-8859-1 Hey guys, I was just wondering the status of 'Run As' support (Assume Identity, I think there where a few other terms that where thrown around too) https://issues.apache.org/jira/browse/SHIRO-25 I took a look at that patches and reread the previous threads. I am assuming this isn't going to make the 1.0 ( can we bump the jira 'fix for' version? ) To get this support in the past. I have done the following: DelegatingSubject fakeLoggedInSubject = new DelegatingSubject( principal, /* authenticated */ true, null, null, /* Non-web */ securityManager ); // fake the login ThreadContext.bind( fakeLoggedInSubject ); We are not using this in production yet, but in my web app I need to use two different SecurityManagers, one for the Web (bound to http requests) and the default one, for this 'run as' support. We would be using the 'run as' to run scheduled task (so there is no access to http requests) Are there flaws behind this approach? Will / does the the official support for this get around the WebSecurityManagers need for a http request? Thanks, Brian --000e0cd733f80ff715048651929e--