Check authentication of another user while session on one user is active

, ,
1

Hi Guys,

I have a use case as below.

  1. User1 logs in to application.
  2. Opens up a page and tries to submit the form with some data on the screen.
  3. The client side validations on the page determines that user can not do that action and requires approval from supervisor. A popup opens up with the supervisor name.
  4. Supervisor comes to user1, enters password and submit
  5. System checks supervisor’s authentication, authorization and then allows User1 to submit the form. System should not use supervisor’s credentials for any other tasks (i.e., supervisor’s authentication info should be immediately destroyed in user1’s session after this task is complete).

At Step 5 above, which API can be used to authenticate another user’s credentials while user1’s session is ‘active’.

Kind regards,

2

The Common Directory Services API contains an authenticateUser method.

For example, something like this:

		IDirectorySession session = null;
		try {
			session = DirectorySystemFactory.getDirectorySystem().createSession();

			//try to authenticate with the username + password
			try {
				session.authenticateUser("Administrator", "1234");
				//no exception means authentication was successful
			}
			catch (DirectoryException e) {
				//exception means authentication failed
			}
		} finally {
			//release the session
			if (session != null) {
				DirectorySystemFactory.getDirectorySystem().destroySession(session);
			}
		}
1 Like