shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Amol Deshmukh (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SHIRO-420) Allow a configurable strategy to backup runAs() informations
Date Tue, 12 Jan 2016 22:50:39 GMT

    [ https://issues.apache.org/jira/browse/SHIRO-420?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15095147#comment-15095147
] 

Amol Deshmukh commented on SHIRO-420:
-------------------------------------

I share the same concern as the reporter. We have a stateless application which needs to support
delegation.

I wonder if this could simply be supported using ThreadLocal storage for the stack of runAs
principals? Or perhaps allow a way to configure/plugin a strategy for managing the runAs stack.

> Allow a configurable strategy to backup runAs() informations
> ------------------------------------------------------------
>
>                 Key: SHIRO-420
>                 URL: https://issues.apache.org/jira/browse/SHIRO-420
>             Project: Shiro
>          Issue Type: Improvement
>          Components: Configuration
>    Affects Versions: 1.2.1
>            Reporter: Maison
>
> Subject.runAs() saves current subject principal in a stack into user session ; this saved
information will be popped by Subject.releaseRunAs().
> Thus Subject.runAs() is not usable with the noSessionFilter.
> Use of session may not always be desirable (in case of stateless web application where
no session should be created).
> Alternatively it would be interesting to be able to configure the way runAs() informations
are saved.
> A RunAsManager (or something similar) in the SecurityManager that could be consulted
for runAs operations. Then you could plug in a persistence strategy, whether it be via the
session or something else.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message