Hi,
I am relatively new to Shiro (3 weeks)
I am implementing user impersonation functionality where admin can visualize
the system as an user from a particular role/permission.
This is a very nice Shiro feature. It would have been very hard to implement
this without framework support.
One of the things we do in our authentication process is to set small piece
of user data (see below code sample) in the session via
AuthenticationListener.onSuccess().
Code to read token and retrieve profile from data source.
subject.getSession().setAttribute("USER_PROFILE", profile);
This Listener does not get invoked when subject.runAs(principals) is called.
Currently I have AuthenticationListener.onSuccess() logic in 3 places.
I could think of 3 possible solutions in the Shiro Framework.
1. Execute AuthenticationListener methods treating subject.runAs() like an
login attempt.
2. Add additional methods on the AuthenticationListener to differentiate
between login and runAs attempts.
3. Have a separate interface like AuthenticationRunAsListener.
I would appreciate if someone could guide me in the right direction.
Jiggy.
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/How-to-handle-listen-for-subject-runAs-like-AuthenticationListener-tp5717899p5717899.html
Sent from the Shiro User mailing list archive at Nabble.com.
