org.acegisecurity.ui.switchuser
Class SwitchUserProcessingFilter

java.lang.Object
  org.acegisecurity.ui.switchuser.SwitchUserProcessingFilter
- All Implemented Interfaces:
- org.springframework.context.ApplicationEventPublisherAware, javax.servlet.Filter, org.springframework.beans.factory.InitializingBean, org.springframework.context.MessageSourceAware
- public class SwitchUserProcessingFilter
- extends java.lang.Object
- implements javax.servlet.Filter, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.MessageSourceAware
Switch User processing filter responsible for user context switching.
This filter is similar to Unix 'su', but for Acegi-managed web applications. A common use case for this feature is allowing higher-authority users (e.g. ROLE_ADMIN) to switch to a regular user (e.g. ROLE_USER).
This filter assumes that the user performing the switch is already logged in as normal (e.g. as a ROLE_ADMIN user). The user then accesses a page/controller that lets the administrator specify who they wish to become (see switchUserUrl).
Note: This URL must have the appropriate security constraints configured so that only users of that role (e.g. ROLE_ADMIN) can access it.
On a successful switch, the user's SecurityContextHolder is updated to reflect the specified user and also contains an additional SwitchUserGrantedAuthority, which contains the original user.
To 'exit' from a user context, the user then needs to access a URL (see exitUserUrl) that switches back to the original user as identified by the SWITCH_USER_GRANTED_AUTHORITY.
To configure the Switch User Processing Filter, create a bean definition for it and add it to the filterChainProxy.
Example:
<bean id="switchUserProcessingFilter" class="org.acegisecurity.ui.switchuser.SwitchUserProcessingFilter">
  <!-- property name matches the setUserDetailsService setter listed below -->
  <property name="userDetailsService" ref="jdbcDaoImpl" />
  <property name="switchUserUrl"><value>/j_acegi_switch_user</value></property>
  <property name="exitUserUrl"><value>/j_acegi_exit_user</value></property>
  <property name="targetUrl"><value>/index.jsp</value></property>
</bean>
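The note above requires the switch URL to be restricted to the administrative role. One way to express that constraint in the same bean-definition style, as an added example that is not part of the original Javadoc: the bean ids `authenticationManager`, `accessDecisionManager` and `filterInvocationInterceptor`, the other filter names in the chain, and the use of `ROLE_PREVIOUS_ADMINISTRATOR` as the literal value of the constant of that name are assumptions.

```xml
<!-- Added example. All bean ids except switchUserProcessingFilter are assumed names. -->

<!-- Filter order matters: filterInvocationInterceptor runs BEFORE
     switchUserProcessingFilter, so the URL rules below are enforced on
     /j_acegi_switch_user before any context switch is attempted. -->
<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
  <property name="filterInvocationDefinitionSource">
    <value>
      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
      PATTERN_TYPE_APACHE_ANT
      /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor,switchUserProcessingFilter
    </value>
  </property>
</bean>

<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
  <property name="authenticationManager" ref="authenticationManager" />
  <property name="accessDecisionManager" ref="accessDecisionManager" />
  <property name="objectDefinitionSource">
    <value>
      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
      PATTERN_TYPE_APACHE_ANT
      <!-- Only administrators may start a switch. -->
      /j_acegi_switch_user=ROLE_ADMIN
      <!-- Only a session that is currently switched may exit; assumes the
           authority added on switch is named ROLE_PREVIOUS_ADMINISTRATOR. -->
      /j_acegi_exit_user=ROLE_PREVIOUS_ADMINISTRATOR
      <!-- Specific rules first: the catch-all must come last, otherwise it
           would match the switch URL and admit any ROLE_USER. -->
      /**=ROLE_USER
    </value>
  </property>
</bean>
```

The URL patterns must stay in step with the `switchUserUrl` and `exitUserUrl` properties of the filter bean; a rule written for a path the filter no longer listens on protects nothing.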
Field Summary

| Modifier and type | Field |
|---|---|
| static java.lang.String | ACEGI_SECURITY_SWITCH_USERNAME_KEY |
| private org.springframework.context.ApplicationEventPublisher | eventPublisher |
| private java.lang.String | exitUserUrl |
| private static org.apache.commons.logging.Log | logger |
| protected org.springframework.context.support.MessageSourceAccessor | messages |
| static java.lang.String | ROLE_PREVIOUS_ADMINISTRATOR |
| private java.lang.String | switchUserUrl |
| private java.lang.String | targetUrl |
| private org.acegisecurity.userdetails.UserDetailsService | userDetailsService |

Constructor Summary

| Constructor |
|---|
| SwitchUserProcessingFilter() |
Method Summary

| Modifier and type | Method | Description |
|---|---|---|
| void | afterPropertiesSet() | Invoked by a BeanFactory after it has set all bean properties supplied (and satisfied BeanFactoryAware and ApplicationContextAware). |
| protected org.acegisecurity.Authentication | attemptExitUser(javax.servlet.http.HttpServletRequest request) | Attempt to exit from an already switched user. |
| protected org.acegisecurity.Authentication | attemptSwitchUser(javax.servlet.http.HttpServletRequest request) | Attempt to switch to another user. |
| private org.acegisecurity.providers.UsernamePasswordAuthenticationToken | createSwitchUserToken(javax.servlet.http.HttpServletRequest request, java.lang.String username, org.acegisecurity.userdetails.UserDetails targetUser) | Create a switch user token that contains an additional GrantedAuthority that contains the original Authentication object. |
| void | destroy() | Called by the web container to indicate to a filter that it is being taken out of service. |
| void | doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) | The doFilter method of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain. |
| private org.acegisecurity.Authentication | getSourceAuthentication(org.acegisecurity.Authentication current) | Find the original Authentication object from the current user's granted authorities. |
| void | init(javax.servlet.FilterConfig ignored) | Called by the web container to indicate to a filter that it is being placed into service. |
| protected boolean | requiresExitUser(javax.servlet.http.HttpServletRequest request) | Checks the request URI for the presence of exitUserUrl. |
| protected boolean | requiresSwitchUser(javax.servlet.http.HttpServletRequest request) | Checks the request URI for the presence of switchUserUrl. |
| void | setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher eventPublisher) | Set the ApplicationEventPublisher that this object runs in. |
| void | setExitUserUrl(java.lang.String exitUserUrl) | Set the URL to respond to exit user processing. |
| void | setMessageSource(org.springframework.context.MessageSource messageSource) | Set the MessageSource that this object runs in. |
| void | setSwitchUserUrl(java.lang.String switchUserUrl) | Set the URL to respond to switch user processing. |
| void | setTargetUrl(java.lang.String targetUrl) | Sets the URL to go to after a successful switch / exit user request. |
| void | setUserDetailsService(org.acegisecurity.userdetails.UserDetailsService authenticationDao) | Sets the authentication data access object. |
| private static java.lang.String | stripUri(javax.servlet.http.HttpServletRequest request) | Strips any content after the ';' in the request URI. |

Methods inherited from class java.lang.Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
| Field Detail |
logger
private static final org.apache.commons.logging.Log logger
ACEGI_SECURITY_SWITCH_USERNAME_KEY
public static final java.lang.String ACEGI_SECURITY_SWITCH_USERNAME_KEY
- See Also:
- Constant Field Values
ROLE_PREVIOUS_ADMINISTRATOR
public static final java.lang.String ROLE_PREVIOUS_ADMINISTRATOR
- See Also:
- Constant Field Values
eventPublisher
private org.springframework.context.ApplicationEventPublisher eventPublisher
userDetailsService
private org.acegisecurity.userdetails.UserDetailsService userDetailsService
messages
protected org.springframework.context.support.MessageSourceAccessor messages
exitUserUrl
private java.lang.String exitUserUrl
switchUserUrl
private java.lang.String switchUserUrl
targetUrl
private java.lang.String targetUrl
| Constructor Detail |
SwitchUserProcessingFilter
public SwitchUserProcessingFilter()
| Method Detail |
afterPropertiesSet
public void afterPropertiesSet()
throws java.lang.Exception
- Description copied from interface: org.springframework.beans.factory.InitializingBean
- Invoked by a BeanFactory after it has set all bean properties supplied (and satisfied BeanFactoryAware and ApplicationContextAware).
This method allows the bean instance to perform initialization only possible when all bean properties have been set and to throw an exception in the event of misconfiguration.
- Specified by:
- afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
attemptExitUser
protected org.acegisecurity.Authentication attemptExitUser(javax.servlet.http.HttpServletRequest request) throws org.acegisecurity.AuthenticationCredentialsNotFoundException
- Attempt to exit from an already switched user.
attemptSwitchUser
protected org.acegisecurity.Authentication attemptSwitchUser(javax.servlet.http.HttpServletRequest request) throws org.acegisecurity.AuthenticationException
- Attempt to switch to another user. If the user does not exist or
is not active, return null.
createSwitchUserToken
private org.acegisecurity.providers.UsernamePasswordAuthenticationToken createSwitchUserToken(javax.servlet.http.HttpServletRequest request, java.lang.String username, org.acegisecurity.userdetails.UserDetails targetUser)
- Create a switch user token that contains an additional GrantedAuthority that contains the original Authentication object.
destroy
public void destroy()
- Description copied from interface: javax.servlet.Filter
- Called by the web container to indicate to a filter that it is being taken out of service. This method is only called once all threads within the filter's doFilter method have exited or after a timeout period has passed. After the web container calls this method, it will not call the doFilter method again on this instance of the filter.
This method gives the filter an opportunity to clean up any resources that are being held (for example, memory, file handles, threads) and make sure that any persistent state is synchronized with the filter's current state in memory.
- Specified by:
- destroy in interface javax.servlet.Filter
doFilter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws java.io.IOException, javax.servlet.ServletException
- Description copied from interface: javax.servlet.Filter
- The doFilter method of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain. The FilterChain passed in to this method allows the Filter to pass on the request and response to the next entity in the chain.
A typical implementation of this method would follow the following pattern:
1. Examine the request
2. Optionally wrap the request object with a custom implementation to filter content or headers for input filtering
3. Optionally wrap the response object with a custom implementation to filter content or headers for output filtering
4. a) Either invoke the next entity in the chain using the FilterChain object (chain.doFilter()),
4. b) or not pass on the request/response pair to the next entity in the filter chain to block the request processing
5. Directly set headers on the response after invocation of the next entity in the filter chain.
- Specified by:
- doFilter in interface javax.servlet.Filter
getSourceAuthentication
private org.acegisecurity.Authentication getSourceAuthentication(org.acegisecurity.Authentication current)
- Find the original Authentication object from the current user's granted authorities. A successfully switched user should have a SwitchUserGrantedAuthority that contains the original source user Authentication object.
init
public void init(javax.servlet.FilterConfig ignored) throws javax.servlet.ServletException
- Description copied from interface: javax.servlet.Filter
- Called by the web container to indicate to a filter that it is being placed into service. The servlet container calls the init method exactly once after instantiating the filter. The init method must complete successfully before the filter is asked to do any filtering work.
The web container cannot place the filter into service if the init method either
1. Throws a ServletException
2. Does not return within a time period defined by the web container
- Specified by:
- init in interface javax.servlet.Filter
requiresExitUser
protected boolean requiresExitUser(javax.servlet.http.HttpServletRequest request)
- Checks the request URI for the presence
of exitUserUrl.
requiresSwitchUser
protected boolean requiresSwitchUser(javax.servlet.http.HttpServletRequest request)
- Checks the request URI for the
presence of switchUserUrl.
setApplicationEventPublisher
public void setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher eventPublisher) throws org.springframework.beans.BeansException
- Description copied from interface: org.springframework.context.ApplicationEventPublisherAware
- Set the ApplicationEventPublisher that this object runs in.
Invoked after population of normal bean properties but before an init callback like InitializingBean's afterPropertiesSet or a custom init-method. Invoked before ApplicationContextAware's setApplicationContext.
- Specified by:
- setApplicationEventPublisher in interface org.springframework.context.ApplicationEventPublisherAware
setUserDetailsService
public void setUserDetailsService(org.acegisecurity.userdetails.UserDetailsService authenticationDao)
- Sets the authentication data
access object.
setExitUserUrl
public void setExitUserUrl(java.lang.String exitUserUrl)
- Set the URL to respond to exit
user processing.
setMessageSource
public void setMessageSource(org.springframework.context.MessageSource messageSource)
- Description copied from interface: org.springframework.context.MessageSourceAware
- Set the MessageSource that this object runs in.
Invoked after population of normal bean properties but before an init callback like InitializingBean's afterPropertiesSet or a custom init-method. Invoked before ApplicationContextAware's setApplicationContext.
- Specified by:
- setMessageSource in interface org.springframework.context.MessageSourceAware
setSwitchUserUrl
public void setSwitchUserUrl(java.lang.String switchUserUrl)
- Set the URL to respond to switch
user processing.
setTargetUrl
public void setTargetUrl(java.lang.String targetUrl)
- Sets the URL to go to after a
successful switch / exit user
request.
stripUri
private static java.lang.String stripUri(javax.servlet.http.HttpServletRequest request)
- Strips any content after the ';'
in the request URI