Hi, newbie to this mailing list. I was scanning through the JIRA issues list.

The runAs support discussion caught my attention, and if the discussion in the following threads is not closed, I would like to add a few cents.

http://markmail.org/message/hnex52p2puw2pip5
http://markmail.org/message/nc7mqs5uxainqg7c

Some of the methods proposed in the above threads are:

    subject.assumeIdentity(Object principal);
    subject.runAs(Object principal);
    subject.switchUser(Object principal);

Doing a runAs and switching identity based on only the principal is, in my view, a security hole. Any developer could introduce a malignant line of code with a call to runAs using the principal of another user and hijack that user's privileges. The runAs method should take an authenticated Subject as a parameter. The method could be:

    subject.runAs(Subject runAsSubject);

What runAs should do is execute a piece of code under the assumed identity, and when the execution of that code completes, revert to the original identity without the programmer having to make additional method calls.

What piece of code are we talking about? This needs to be specified as an additional parameter, so we need an interface to specify the code to execute. Let me craft something really simple for discussion purposes:

    // A unit of work to execute under the assumed identity.
    // (An interface method cannot carry a body in Java; the implementing
    // class supplies the code to execute.)
    interface Work {
        void run();
    }

and the runAs signature becomes:

    subject.runAs(Subject runAsSubject, Work codeToExecute);

This eliminates the need for some of the other methods discussed in the threads above, such as relinquishAssumedIdentity, getAssumedIdentity, etc.

One additional advantage of this approach is that you can do multiple runAs calls without things getting complicated. For example: authenticated user joe does a runAs Mike; Mike does a runAs Judy; Judy does a runAs Hal. This is possible with 3 nested runAs calls, and when each call ends, the identity is reset correctly to whatever it was prior to the call. This is similar to the approach taken by the doAs* methods of javax.security.auth.Subject.

I am very new to Shiro, so if I overlooked anything obvious, please excuse the ignorance.

regards
Manoj
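A stand-alone sketch of the scoped, nested runAs(Subject, Work) design proposed in the post above, added here as an illustration. It is not Shiro code and not the poster's code: the Subject, Work, login and runAs names, the thread-local identity stack, and the "authenticated" flag are all assumptions made for this example. It shows the three-deep joe → Mike → Judy → Hal nesting, that the previous identity is restored after each call even when the work throws, and that a Subject not marked authenticated is rejected.

```java
import java.util.ArrayDeque;
import java.util.Deque;

// Hypothetical sketch of the runAs(Subject, Work) proposal. Not Shiro code;
// every class and method name here is an assumption for illustration.
public class RunAsSketch {

    /** Minimal stand-in for an authenticated subject (assumed type). */
    static final class Subject {
        final String principal;
        final boolean authenticated;
        Subject(String principal, boolean authenticated) {
            this.principal = principal;
            this.authenticated = authenticated;
        }
        @Override public String toString() { return principal; }
    }

    /** The unit of work that runs under the assumed identity. */
    interface Work {
        void run();
    }

    /** Per-thread identity stack; the top entry is the effective identity. */
    private static final ThreadLocal<Deque<Subject>> STACK =
        ThreadLocal.withInitial(ArrayDeque::new);

    /** Effective identity on the calling thread. */
    static Subject current() {
        Subject s = STACK.get().peek();
        if (s == null) throw new IllegalStateException("no subject bound to this thread");
        return s;
    }

    /** Binds the initially authenticated user (stands in for a real login). */
    static void login(Subject s) { STACK.get().push(s); }

    /**
     * Runs work as runAsSubject, then restores the previous identity whether
     * the work returns normally or throws. Nested calls stack in LIFO order.
     */
    static void runAs(Subject runAsSubject, Work work) {
        if (runAsSubject == null || !runAsSubject.authenticated) {
            throw new SecurityException("runAs requires an authenticated Subject");
        }
        Deque<Subject> stack = STACK.get();
        stack.push(runAsSubject);
        try {
            work.run();
        } finally {
            Subject popped = stack.pop();   // always executed: identity cannot leak
            assert popped == runAsSubject;  // stack discipline sanity check
        }
    }

    public static void main(String[] args) {
        login(new Subject("joe", true));
        Subject mike = new Subject("mike", true);
        Subject judy = new Subject("judy", true);
        Subject hal  = new Subject("hal", true);

        System.out.println("start as " + current());
        runAs(mike, () -> {
            System.out.println("  now " + current());
            runAs(judy, () -> {
                System.out.println("    now " + current());
                runAs(hal, () -> System.out.println("      now " + current()));
                System.out.println("    back to " + current());
            });
            System.out.println("  back to " + current());
        });
        System.out.println("back to " + current());

        // The original identity is restored even when the work throws.
        try {
            runAs(mike, () -> { throw new RuntimeException("boom"); });
        } catch (RuntimeException e) {
            System.out.println("after exception, still " + current());
        }

        // A Subject that was never authenticated (e.g. built from a bare
        // principal name) is refused, which is the point of the proposal.
        try {
            runAs(new Subject("admin", false), () -> {});
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Two caveats on this sketch. The identity stack is thread-local, so work handed to another thread does not inherit the assumed identity; a real implementation has to decide whether that is the desired behaviour. And the "authenticated" flag only enforces the proposal's rule if application code cannot construct such a Subject itself; in a real framework that flag would be settable only by the authentication path, not by a public constructor as in this toy class.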
