This week's giveaway is in the Programmer Certification (OCPJP) forum.
We're giving away four copies of Java Mock Exams (software) and have David Mayer on-line!
See this thread for details.
Win a copy of Java Mock Exams (software) this week in the Programmer Certification (OCPJP) forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

User impersonation using Filters/Cookies

Brian Quinn
Ranch Hand
Posts: 32
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Building an application in Flex/Java that requires a super user to be able to impersonate another user. We did this by having a spring controller write a cookie with target user's id. Then app reloads. A filter is on the app that looks for cookie and build a principal off that user id if it finds the cookie, or it builds a prinicipal based on Cleartrust headers. It then sticks Principal on session and in a thread local so java service layer can find it. However we are seeing that as the app reloads, it starts with the intended impersonated user id, but then it changes over to the super user's id. I was wondering if there were some ideas better than the cookie/filter way to maybe implement this feature.
What are you doing? You are supposed to be reading this tiny ad!
the new thread boost feature brings a LOT of attention to your favorite threads
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!