-
1. Re: Impersonate User
rkilcoyne.rkilcoyne.mac.com Jul 28, 2008 8:38 PM (in response to rkilcoyne.rkilcoyne.mac.com)I think I got this. Going to extend JpaIdentityStore with a new method called impersonate that basically does the same thing as authenticate without the password check. I'll annotate with the appropriate role for added security.
Rick
-
2. Re: Impersonate User
rkilcoyne.rkilcoyne.mac.com Jul 28, 2008 10:13 PM (in response to rkilcoyne.rkilcoyne.mac.com)ok, maybe not. Got the code, just can't seem to slip in my customer JpaIdentityStore in place of the bundled version. Saw many mentions of this being possible, but not seeing the
hook
that makes the magic happen. Anyone have any tips? In the meantime, I'll take a look at the examples.Rick
-
3. Re: Impersonate User
rkilcoyne.rkilcoyne.mac.com Jul 28, 2008 10:39 PM (in response to rkilcoyne.rkilcoyne.mac.com)Was able to override a method but after adding my impersonate method to my custom JpaIdentityStore, the IdentityStore interface, and my IdentityManager, I get the following error on any action bean where IdentityManager was being injected:
@In attribute requires non-null value: myForm.identityManager
This happens whether or not I declare my @In IdentityManager identityManger using my custom class or the default.
-
4. Re: Impersonate User
digdas.seam.digdas.nl Jul 29, 2008 10:51 AM (in response to rkilcoyne.rkilcoyne.mac.com)@In(required=false)
should help you with that.
If you want it to be created:
@In(create=true,required=false,
-
5. Re: Impersonate User
djn Jul 29, 2008 11:06 AM (in response to rkilcoyne.rkilcoyne.mac.com)Perhaps you could also take at look at the @AutoCreate annotation.
-
6. Re: Impersonate User
pmuir Jul 29, 2008 12:39 PM (in response to rkilcoyne.rkilcoyne.mac.com)Have you looked at RunAs?
-
7. Re: Impersonate User
jnusaira Jul 29, 2008 9:56 PM (in response to rkilcoyne.rkilcoyne.mac.com)Not sure on exactly how you would implement this in your particular app.
But we had the same requirements for an app years ago. What we did is just stored the user credentials on the stack.
So you could keep in theory adding on to that stack. And the log off would just pop the top one off. And when you had no more you;d be gone.
You'd have to overwrite some of the Identity class to do this. But if all you really care about is the username, roles, and permissions then it wouldn't be much to worry about.
-
8. Re: Impersonate User
rkilcoyne.rkilcoyne.mac.com Jul 30, 2008 5:40 PM (in response to rkilcoyne.rkilcoyne.mac.com)Thanks Daniel and all the rest that contributed -- Looks like @AutoCreate is the winner here. I now have
user-switching
in my app. The RunAs tip was good, more about executing a single operation as an impersonated user... I'm switching the entire login context to the destination user.When I get thru this project, I'll definitely contrib a how-to on this topic and perhaps a patch that will include my impersonate method in the IdentityManager class.
Rick