We have a requirement, wherein the administrative user needs to proxy in as a certain user in an environment where several users (Role: User) are managed by an administrator (Role: Admin).

e.g If we have the following users in the database (admin, user1, user2, user3), we would want the admin to proxy as 'user2' and use the system in certain scenarios. Authentication in our web application is based username / password credentials, what mechanisms are available for the admin to proxy as 'user2' when he doesn't have the password for 'user2'. How can the application track such access for audit purposes to mention that 'admin' had proxied for 'user2' and performed certain actions.

I am looking for suggestions on supporting this in our j2ee (jboss seam) web application.