Chris, Andre,

thanks for sharing your thoughts, it helped me to see things more clearly.

changing a user object in the session is something i already did. the
problem with this (and what triggered my initial question) is
that a new user could have access rights to more functionality than the
first user, but that the access to this functionality is blocked by the
container because of the role based security constraints i have defined
in web.xml (the container does not know that there is a new user with
other roles, so it is still applying the access rules of the first user).

anyway, to move forward i decided to use the container-managed
authentication just as yes/no to obtain access to the complete
application and to move authorization to the application itself.

thanks,
dirk

On Thu, 2012-05-24 at 10:37 -0400, Christopher Schultz wrote:
> Dirk,
> 
> On 5/23/12 7:01 PM, dirk ooms wrote:
> > any hint on fast-user-switching or 
> > applications-interacting-with-container-based-authentication are
> > very welcome.
> 
> We use securityfilter for AAA and the user is stored in the session:
> you can just replace the user object and boom: you are a new user. We
> support "user impersonation" in this way and allow administrators to
> masquerade as another user and then go back to their original login.
> 
> Switching to securityfilter may not be a great plan for you, though
> it's not terribly hard to do. But, it's a possibility.
> 
> -chris
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
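
The approach dirk settles on (container-managed authentication as a yes/no gate, authorization in the application), as an added example that is not part of the original thread and is not Tomcat or securityfilter code. It assumes web.xml keeps a single constraint requiring login for the whole application, the javax.servlet API of the Tomcat versions current at the time, and hypothetical names throughout (AppAuthorizationFilter, AppUser, the "appUser" session attribute, the paths and role names).

```java
import java.io.IOException;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example; every class, attribute, path and role name here is hypothetical.
public class AppAuthorizationFilter implements Filter {

    /** Application-side user kept in the session; replaced when the user is switched. */
    public static final class AppUser implements java.io.Serializable {
        final String name;
        final Set<String> roles;
        public AppUser(String name, Set<String> roles) {
            this.name = name;
            this.roles = Collections.unmodifiableSet(new HashSet<String>(roles));
        }
    }

    // Path prefix -> required role, most specific prefix first (insertion order is kept).
    private final Map<String, String> rules = new LinkedHashMap<String, String>();

    public void init(FilterConfig cfg) {
        rules.put("/admin/", "admin");
        rules.put("/reports/", "manager");
        rules.put("/", "user");
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        HttpSession session = req.getSession(false);
        AppUser user = (session == null) ? null : (AppUser) session.getAttribute("appUser");
        // The container only answers "is someone logged in?"; roles are read from the
        // session user on every request, so a switched user is evaluated immediately.
        if (req.getRemoteUser() == null || user == null) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // Use the container-decoded path (path parameters removed), not the raw request URI.
        String path = req.getServletPath() + (req.getPathInfo() == null ? "" : req.getPathInfo());
        for (Map.Entry<String, String> rule : rules.entrySet()) {
            if (path.startsWith(rule.getKey())) {
                if (user.roles.contains(rule.getValue())) chain.doFilter(rq, rs);
                else res.sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
        }
        res.sendError(HttpServletResponse.SC_FORBIDDEN); // no rule matched: deny by default
    }

    public void destroy() { }
}
```

Because the session attribute now decides access, the code path that replaces "appUser" needs its own authorization check and an audit record of who switched to whom.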


