Details
- Suggestion
- Resolution: Won't Fix
Description
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.
I'd like to be able to connect to JIRA as one user, and then once the session is created and I've retrieved my token, change the session to be logged on as a different user.
Rationale: I'm creating an intranet site that combines information from JIRA with information from our other systems to create a personal home page. This home page uses NTLM/IWA to authenticate users, so I get a username but not a password. If I could connect to JIRA as a known, single account (e.g. "intranet") and then call JiraSoapServiceService.impersonate("joe.bloggs") then I'd be able to be logged in as joe.bloggs without actually needing his password. Naturally the "intranet" account would need to have some kind of "can impersonate" permission set up on it.
Looking at the RPC code it seems that it might just be as simple as adding an "impersonate" method to the tokenManager that does something like:
    public void impersonate(String token, String username) throws RemoteAuthenticationException, RemotePermissionException
    {
        // Resolve the user currently bound to this session token
        User currentUser = retrieveUser(token);
        // Permissions.IMPERSONATE is the proposed new "can impersonate" permission
        if (!permissionManager.hasPermission(Permissions.IMPERSONATE, currentUser))
            throw new RemotePermissionException("No permission to perform operation");
        User newUser = UserUtils.getUser(username);
        // Rebind the existing token to the impersonated user
        synchronized (tokens) {
            tokens.put(token, newUser);
        }
    }
and then adding the relevant code to the interface itself to expose this method.
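For anyone reviewing a design like this, the following added example (not JIRA code and not part of the original suggestion) shows a token store that keeps the authenticating account alongside the impersonated one, so permission checks and audit records still refer to the real caller. Every class, field and method name in it is hypothetical, and the user sets are constructed sample data.

```java
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
/** Stand-alone sketch; every name here is hypothetical, none is a JIRA class. */
public class ImpersonatingTokenManager {
    /** A session remembers who authenticated (actor) and who it acts as (effective). */
    record Session(String actor, String effective) {}
    private final Map<String, Session> tokens = new ConcurrentHashMap<>();
    private final Set<String> knownUsers;      // stand-in for the user directory
    private final Set<String> mayImpersonate;  // holders of the proposed permission
    private final Set<String> protectedUsers;  // e.g. administrators, never a target
    final List<String> auditLog = Collections.synchronizedList(new ArrayList<>());

    ImpersonatingTokenManager(Set<String> known, Set<String> may, Set<String> prot) {
        knownUsers = known; mayImpersonate = may; protectedUsers = prot;
    }

    String login(String user) {
        if (!knownUsers.contains(user)) throw new IllegalArgumentException("unknown user");
        String token = UUID.randomUUID().toString();
        tokens.put(token, new Session(user, user));
        return token;
    }

    void impersonate(String token, String username) {
        Session s = tokens.get(token);
        if (s == null) throw new SecurityException("invalid token");
        // Authorise against the authenticated actor, not the current effective user,
        // so an impersonated session cannot chain into further impersonation.
        if (!mayImpersonate.contains(s.actor()))
            throw new SecurityException("no permission to impersonate");
        if (!knownUsers.contains(username) || protectedUsers.contains(username)) {
            auditLog.add("DENY " + s.actor() + " -> " + username);
            throw new SecurityException("target not allowed");
        }
        tokens.put(token, new Session(s.actor(), username));
        auditLog.add("ALLOW " + s.actor() + " -> " + username);
    }

    String effectiveUser(String token) { return tokens.get(token).effective(); }

    public static void main(String[] args) {
        var tm = new ImpersonatingTokenManager(Set.of("intranet", "joe.bloggs", "admin"),
                Set.of("intranet"), Set.of("admin"));   // constructed sample data
        String t = tm.login("intranet");
        tm.impersonate(t, "joe.bloggs");
        System.out.println(tm.effectiveUser(t));
        try { tm.impersonate(t, "admin"); } catch (SecurityException e) { System.out.println(e.getMessage()); }
        System.out.println(tm.auditLog);
    }
}
```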
Issue Links
- relates to
  - JRACLOUD-13176 RPC call for 'impersonating' another user (Closed)
  - JRASERVER-12522 Creating RemoteComment bug (Closed)