Hi JSecurity community, The JSecurity team will enable native support for the ability to assume another user's identity at runtime, aka 'Run As' or 'Switch User' functionality into the framework very soon. This allows the application to look, feel and react as if the current user is another user entirely, a functionality that is quite common in many applications.
We're looking to the community to get feedback on what people prefer this be called in the API itself. Odds are very high that the methods to perform this switching capability will reside in the Subject interface (or a sub-interface of Subject, we haven't decided yet). So, here are a few alphabetically-ordered options that seem to make sense (don't forget a 'principal' is just an identifying attribute, like a username or user id). If you feel so inclined, please choose one: subject.assumeIdentity( Object principal ); subject.runAs( Object principal ); subject.switchUser( Object principal ); Please note that whatever the naming choice, the implementation will retain raw traceability and auditing attributed to the original or 'owning' user in all cases. You won't 'lose' that when executing this soon-to-be-created method. Thanks for any feedback! Les
