• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Check authentication of another user while session on one user is active

 
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Guys,

I have a use case as below.

1) User1 logs in to application.
2) Opens up a page and tries to submit the form with some data on the screen.
3) The client side validations on the page determines that user can not do that action and requires approval from supervisor. A popup opens up with the supervisor name.
4) Supervisor comes to user1, enters password and submit
5) System checks supervisor's authentication, authorization and then allows User1 to submit the form. System should not use supervisor's credentials for any other tasks on the screen. (i.e., supervisor's authentication should be immediately destroyed in user1's session after this task is complete).

At Step 5 above, which API can be used to authenticate another user's credentials while user1's session is 'active'.

Kind regards,
 
Saloon Keeper
Posts: 15510
363
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The best way is to determine server-side that a particular form needs supervisor approval, and then send a form that includes a field for the supervisor name and password. When the user has filled in all the form data, they can ask the supervisor to fill in the remaining fields.

Authentication is then done the same way you authenticate your regular users, except you don't store the credentials in the current session.
 
reply
    Bookmark Topic Watch Topic
  • New Topic