...
- Cannot just get a String, need to be able interrogate type of token.
- User = SecuritygetCurrentuser = securityMgr.getCurrentUser ();
- user.getType () ; (i.e. Kerberos, MIT ID, email address, Alumni ID, etc)
- user.convertTo (type); - allows programmer to convert between supported types
- Service layer access to authenticated user without having it explicitly passed in each call*
- i.e. User user = securityMgr.getCurrentUser (); works on service layer just as it does on the web tier
- A way to do machine to machine authentication (or app to app authentication)
- An ability to invoke service method on behalf of a named business user #Ability
- Ability to impersonate another for testing just within a particular application
- Grant Impersonate to X for application Y
- UI to let X type in user Z to impersonate them within the rest of the application
- User user = securityMgr.The above methods for getCurrentUser (); // must return Z
- User user = securityMgr.getTrueUser (); // optional to return X
Authorization requirements
...