shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Amol Deshmukh (JIRA)" <>
Subject [jira] [Commented] (SHIRO-420) Allow a configurable strategy to backup runAs() informations
Date Tue, 12 Jan 2016 22:50:39 GMT


Amol Deshmukh commented on SHIRO-420:

I share the same concern as the reporter. We have a stateless application which needs to support

I wonder if this could simply be supported using ThreadLocal storage for the stack of runAs
principals? Or perhaps allow a way to configure/plugin a strategy for managing the runAs stack.

> Allow a configurable strategy to backup runAs() informations
> ------------------------------------------------------------
>                 Key: SHIRO-420
>                 URL:
>             Project: Shiro
>          Issue Type: Improvement
>          Components: Configuration
>    Affects Versions: 1.2.1
>            Reporter: Maison
> Subject.runAs() saves current subject principal in a stack into user session ; this saved
information will be popped by Subject.releaseRunAs().
> Thus Subject.runAs() is not usable with the noSessionFilter.
> Use of session may not always be desirable (in case of stateless web application where
no session should be created).
> Alternatively it would be interesting to be able to configure the way runAs() informations
are saved.
> A RunAsManager (or something similar) in the SecurityManager that could be consulted
for runAs operations. Then you could plug in a persistence strategy, whether it be via the
session or something else.

This message was sent by Atlassian JIRA

View raw message