You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by Les Hazlewood <lh...@apache.org> on 2009/09/16 23:37:57 UTC
Subject executing as another Subject
I'm in the middle of implementing the feature where a Subject can
execute as if it were another Subject. This is commonly called 'run
as' or 'assumed identity' or 'switch user' depending on one's
background/preference/use-case. See Jira SHIRO-25 [1] for more
details as well as links to previous discussions.
I'd like to solidify a final name for what the method will be called
on the Subject interface so I can complete this task. Please submit
your suggestions!
Thanks,
Les
[1] https://issues.apache.org/jira/browse/SHIRO-25
Re: Subject executing as another Subject
Posted by Les Hazlewood <lh...@apache.org>.
Strangely enough, as much as I do _not_ prefer 'runAs' (I like
assumeIdentity for being explicit), I thought of a case where 'runAs'
nomenclature might actually be a benefit to us as framework
developers.
If we had a method:
runAs(Subject anotherSubject);
then the implementation has a lot of freedom to do whatever it wants
when interpreting the method call.
For example, would we need to retain other information than just the
other identity (the PrincipalCollection)? What about the other
Subject's session ID (if it exists), the 'authenticated' flag, or
source InetAddress ?
If so, then 'assumeIdentity' doesn't make as much sense as 'runAs' to
me since there is more state than just identity that would be assumed.
Thoughts?
Les
Re: Subject executing as another Subject
Posted by "Daniel J. Lauk" <da...@gmail.com>.
> if ( subject.isPermitted("identity:assume") ) {
> subject.assumeIdentity(anotherSubject);
> } else {
> throw new UnauthorizedException(...);
> }
This is what I'd expect.
Cheers,
DJ
Re: Subject executing as another Subject
Posted by Les Hazlewood <lh...@apache.org>.
When is that method 'allowed' to be called?
That is, does a Shiro end-user write this:
subject.assumeIdentity(anotherSubject);
Or would we expect them to write the following (where they maintain
when it is 'legal' to call the method):
if ( subject.isPermitted("identity:assume") ) {
subject.assumeIdentity(anotherSubject);
} else {
throw new UnauthorizedException(...);
}
?
- Les
Re: Subject executing as another Subject
Posted by "Daniel J. Lauk" <da...@gmail.com>.
I guess, if I suggest "actOnBehalfOf" again, it won't help? :-)
I'd still prefer actOnBehalfOf, but I'm definitely fine with assumeIdentity.
Cheers,
DJ
Re: Subject executing as another Subject
Posted by Tauren Mills <yo...@gmail.com>.
I like assumeIdentity() as well.
On Thu, Sep 17, 2009 at 4:37 AM, Peter Ledbrook <pe...@cacoethes.co.uk>wrote:
> > I'd like to solidify a final name for what the method will be called
> > on the Subject interface so I can complete this task. Please submit
> > your suggestions!
>
> I prefer assumeIdentity(). It's verbose, but very explicit.
>
> Peter
>
Re: Subject executing as another Subject
Posted by Peter Ledbrook <pe...@cacoethes.co.uk>.
> I'd like to solidify a final name for what the method will be called
> on the Subject interface so I can complete this task. Please submit
> your suggestions!
I prefer assumeIdentity(). It's verbose, but very explicit.
Peter