That’s really dangerous. I would suggest something like client certificate authentication in web browsers to do this job
> On May 15, 2020, at 1:08 PM, Alex Sviridov <[email protected]> wrote: > > Hi all, > > I have a a system, that can be accessed by web interface (http servlet) and > by CLI. > > In my application I have a superuser with loginname and password. When > someone wants to use system by web as a superuser he must > provide superuser loginname and password. This case Shiro web filter is > used and everything is ok →I have subject.login(...), subject.logout() etc. > So, everything is clear here. > > However, when someone uses application by CLI he needs towork as superuser > without providing loginname and password (by CLI it is possible to reset > superuser > loginname and password). So, I need to log superuser in without loginname and > password. Could anyone say how it can be done in Shiro? I mean I have a User > object and I need to authenticate it in shiro without loginname and password. > > Best regards, Alex >
