Mark St.Godard wrote:
I did some local testing with the Contacts sample and did some simple tests of
- logging in (i.e. User 1)
- going to /secure/debug.jsp (view User 1 info)
- going to a jsp that handles the switch (i.e. switchUser.jsp)
- submit request to 'su' to another user (i.e. User 2)
Ben,
Re: SEC-15
I have committed the initial draft of the Switch User ('su')
functionality. I created a new filter (SwitchUserProcessingFilter)
that handles the 'switch' and 'exit' url requests.
This filter also uses the authenticationDao to allow access to load
users. A few initial assumptions