Ben,
Re: SEC-15
I have committed the initial draft of the Switch User ('su') functionality. I created a new filter (SwitchUserProcessingFilter) that handles the 'switch' and 'exit' URL requests.
This filter also uses the authenticationDao to allow access to load users. A few initial assumptions

Hello,
I would have liked to secure all methods in an object by implementing a voter that does:

    if the USERID parameter is present, and the principal
    does not have superuser role, then
    USERID must be equal to principal.

However, because the Method class only reifies the parameter