Hello,

We are running a web application with form-based authentication. We now
have a requirement to switch between users (for subsets of users) with a
minimum of user interaction (log out and log in providing username &
password is way too much work for the user). So I was thinking of
providing each user with a badge with a unique barcode (a hash of
username & password?) which they can scan into a dedicated field in the
webpage and which will trigger the user switch. Note that this barcode
field will only be available once a person has logged in in the normal
way (form-based), so the user switch request is received within an
authenticated session.

The difficult part of the story is how I can tell the 'container based
authentication' that the current session is transferred to another user
with possibly other roles, OR how I can create a new session for the new
user (so applying the correct authorization and providing a
HttpServletRequest returning the correct values of getUserPrincipal()
and isUserInRole()). The application is able to retrieve the user and
its roles, but how can the application inform the container about this?

I've been googling and reading for hours now and I'm a bit lost
(understatement) on how to proceed with this. It could also be the case
that there are much better scenarios than the one I have in mind.

Any hints on fast-user-switching or
applications-interacting-with-container-based-authentication are very
welcome.

cheers,
dirk

