Posted to users@tomcat.apache.org by Dhiraj Ramakrishnan <st...@gmail.com> on 2006/04/10 23:35:57 UTC
Can we set the User Principal to another user once a user has been logged in?
Hi,
I know the requirements look a little suspicious, but they are valid.
The requirements:
1. A user 'SUPERUSER', who can mimic the activities of any user
in the system.
2. So 'SUPERUSER' will log in and then pass in a request saying
that he wants to impersonate user 'X'
3. Now 'SUPERUSER' will only have all the roles associated with
user 'X'
4. When 'SUPERUSER' tries to impersonate 'X', 'SUPERUSER' has
already been authenticated, so I should not ask for X's password from
'SUPERUSER'.
Is it possible to have such a behaviour within TOMCAT? One of the
easiest ways is to substitute the user principal with 'X' once such a request
for impersonation comes in.
What are the other ways in which I could induce such a behaviour?
Thanks & Regards,
Dhiraj Ramakrishnan