You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@shiro.apache.org by "Maison (JIRA)" <ji...@apache.org> on 2013/03/02 10:03:12 UTC

[jira] [Created] (SHIRO-420) Allow a configurable strategy to backup runAs() informations

Maison created SHIRO-420:
----------------------------

             Summary: Allow a configurable strategy to backup runAs() informations
                 Key: SHIRO-420
                 URL: https://issues.apache.org/jira/browse/SHIRO-420
             Project: Shiro
          Issue Type: Improvement
          Components: Configuration
    Affects Versions: 1.2.1
            Reporter: Maison


Subject.runAs() saves current subject principal in a stack into user session ; this saved information will be popped by Subject.releaseRunAs().
Thus Subject.runAs() is not usable with the noSessionFilter.
Use of session may not always be desirable (in case of stateless web application where no session should be created).

Alternatively it would be interesting to be able to configure the way runAs() informations are saved.
A RunAsManager (or something similar) in the SecurityManager that could be consulted for runAs operations. Then you could plug in a persistence strategy, whether it be via the session or something else.


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira