Gilles Lenfant wrote:
Hi,
I used successfully newSecurityManager in a Product to change dynamically the user during a transaction (running some methods as owner).
That's a highyl dodgy thing to do, just so you know...
I tried to use this to change dynamically the user in a special folder hierarchy based on a request parameter.
That sounds even more dodgy, what if someone spoofs that request parameter?
The newSecurityManager is executed but seems to have no effect on the user during the rest of the transaction :
I'm not suprised, it's really not designed to be used like that...
Did I miss something somewhere ? Why such a construct works in a Product and not in an external method ?
What are you trying to do here, this seems like a terrifically dangerous way to go about it, whatever it is... Chris