Spring Security Framework
java.lang.Object
  org.springframework.security.ui.SpringSecurityFilter
    org.springframework.security.ui.switchuser.SwitchUserProcessingFilter
public class SwitchUserProcessingFilter
Switch User processing filter responsible for user context switching.
This filter is similar to Unix 'su', but for Spring Security-managed web applications. A common use-case for this feature is the ability to allow higher-authority users (e.g. ROLE_ADMIN) to switch to a regular user (e.g. ROLE_USER).
This filter assumes that the user performing the switch will be required to be logged in as normal (i.e. as a ROLE_ADMIN user). The user will then access a page/controller that enables the administrator to specify who they wish to become (see switchUserUrl).
Note: This URL will be required to have the appropriate security constraints configured so that only users of that role can access it (e.g. ROLE_ADMIN).
On successful switch, the user's SecurityContextHolder will be updated to reflect the specified user and will also contain an additional SwitchUserGrantedAuthority which contains the original user.
To 'exit' from a user context, the user will then need to access a URL (see exitUserUrl) that will switch back to the original user as identified by the ROLE_PREVIOUS_ADMINISTRATOR.
To configure the Switch User Processing Filter, create a bean definition for the Switch User processing filter and add it to the filterChainProxy. Note that the filter must come after the FilterSecurityInterceptor in the chain, in order to apply the correct constraints to the switchUserUrl. Example:
```xml
<bean id="switchUserProcessingFilter" class="org.springframework.security.ui.switchuser.SwitchUserProcessingFilter">
    <property name="userDetailsService" ref="userDetailsService" />
    <property name="switchUserUrl"><value>/j_spring_security_switch_user</value></property>
    <property name="exitUserUrl"><value>/j_spring_security_exit_user</value></property>
    <property name="targetUrl"><value>/index.jsp</value></property>
</bean>
```
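
The description above states that a switched context carries a SwitchUserGrantedAuthority holding the original user. The servlet filter below is an added example (not part of this Javadoc or of the Spring Security code base) that uses that authority to audit switched sessions and keep them read-only. The class name, the log category, the read-only policy and the mapping of this filter after the Spring Security filter chain in web.xml are assumptions.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.Authentication;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.ui.switchuser.SwitchUserGrantedAuthority;

// Added example; class name, log category and read-only policy are assumptions.
public class SwitchedSessionGuardFilter implements Filter {
    private static final Log AUDIT = LogFactory.getLog("audit.switchuser");

    /** Returns the pre-switch Authentication, or null if the context is not switched. */
    static Authentication originalUser(Authentication current) {
        if (current == null || current.getAuthorities() == null) {
            return null;
        }
        GrantedAuthority[] granted = current.getAuthorities();
        for (int i = 0; i < granted.length; i++) {
            if (granted[i] instanceof SwitchUserGrantedAuthority) {
                return ((SwitchUserGrantedAuthority) granted[i]).getSource();
            }
        }
        return null;
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        Authentication original = originalUser(current);
        if (original != null) {
            String method = request.getMethod();
            // Record who is really acting, as whom, on every switched request.
            AUDIT.info("switched session: original=" + original.getName() + " actingAs="
                    + current.getName() + " " + method + " " + request.getRequestURI());
            // Assumed policy: a switched session may read but not change state.
            if (!"GET".equals(method) && !"HEAD".equals(method)) {
                ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
        }
        chain.doFilter(req, res);
    }
    public void init(FilterConfig config) { }
    public void destroy() { }
}
```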
See Also: SwitchUserGrantedAuthority
Field Summary | |
---|---|
protected MessageSourceAccessor | messages |
static String | ROLE_PREVIOUS_ADMINISTRATOR |
static String | SPRING_SECURITY_SWITCH_USERNAME_KEY |
Fields inherited from class org.springframework.security.ui.SpringSecurityFilter |
---|
logger |
Fields inherited from interface org.springframework.core.Ordered |
---|
HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE |
Constructor Summary |
---|
SwitchUserProcessingFilter() |
Method Summary | | |
---|---|---|
void | afterPropertiesSet() | |
protected Authentication | attemptExitUser(HttpServletRequest request) | Attempt to exit from an already switched user. |
protected Authentication | attemptSwitchUser(HttpServletRequest request) | Attempt to switch to another user. |
void | doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) | |
int | getOrder() | |
protected boolean | requiresExitUser(HttpServletRequest request) | Checks the request URI for the presence of exitUserUrl. |
protected boolean | requiresSwitchUser(HttpServletRequest request) | Checks the request URI for the presence of switchUserUrl. |
protected void | sendRedirect(HttpServletRequest request, HttpServletResponse response, String url) | |
void | setApplicationEventPublisher(ApplicationEventPublisher eventPublisher) | |
void | setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) | |
void | setExitUserUrl(String exitUserUrl) | Set the URL to respond to exit user processing. |
void | setMessageSource(MessageSource messageSource) | |
void | setSwitchFailureUrl(String switchFailureUrl) | Sets the URL to which a user should be redirected if the switch fails. |
void | setSwitchUserAuthorityChanger(SwitchUserAuthorityChanger switchUserAuthorityChanger) | |
void | setSwitchUserUrl(String switchUserUrl) | Set the URL to respond to switch user processing. |
void | setTargetUrl(String targetUrl) | Sets the URL to go to after a successful switch / exit user request. |
void | setUserDetailsService(UserDetailsService userDetailsService) | Sets the authentication data access object. |
void | setUseRelativeContext(boolean useRelativeContext) | Analogous to the same property in AbstractProcessingFilter. |
Methods inherited from class org.springframework.security.ui.SpringSecurityFilter |
---|
destroy, doFilter, init, toString |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
Field Detail |
---|
public static final String SPRING_SECURITY_SWITCH_USERNAME_KEY
public static final String ROLE_PREVIOUS_ADMINISTRATOR
protected MessageSourceAccessor messages
Constructor Detail |
---|
public SwitchUserProcessingFilter()
Method Detail |
---|
public void afterPropertiesSet() throws Exception
Specified by: afterPropertiesSet in interface InitializingBean
Throws: Exception

protected Authentication attemptExitUser(HttpServletRequest request) throws AuthenticationCredentialsNotFoundException
Parameters: request - The http servlet request
Returns: Authentication object or null otherwise.
Throws: AuthenticationCredentialsNotFoundException - If no Authentication associated with this request.

protected Authentication attemptSwitchUser(HttpServletRequest request) throws AuthenticationException
Returns: Authentication request if successfully switched to another user, null otherwise.
Throws:
UsernameNotFoundException - If the target user is not found.
LockedException - If the account is locked.
DisabledException - If the target user is disabled.
AccountExpiredException - If the target user account is expired.
CredentialsExpiredException - If the target user credentials are expired.
AuthenticationException

public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException
Specified by: doFilterHttp in class SpringSecurityFilter
Throws: IOException, ServletException

protected void sendRedirect(HttpServletRequest request, HttpServletResponse response, String url) throws IOException
Throws: IOException

protected boolean requiresExitUser(HttpServletRequest request)
Parameters: request - The http servlet request
Returns: true if the request requires an exit user, false otherwise.
See Also: exitUserUrl

protected boolean requiresSwitchUser(HttpServletRequest request)
Parameters: request - The http servlet request
Returns: true if the request requires a switch, false otherwise.
See Also: switchUserUrl

public void setApplicationEventPublisher(ApplicationEventPublisher eventPublisher) throws BeansException
Specified by: setApplicationEventPublisher in interface ApplicationEventPublisherAware
Throws: BeansException

public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource)

public void setExitUserUrl(String exitUserUrl)
Parameters: exitUserUrl - The exit user URL.

public void setMessageSource(MessageSource messageSource)
Specified by: setMessageSource in interface MessageSourceAware

public void setSwitchUserUrl(String switchUserUrl)
Parameters: switchUserUrl - The switch user URL.

public void setTargetUrl(String targetUrl)
Parameters: targetUrl - The target url.

public void setUserDetailsService(UserDetailsService userDetailsService)
Parameters: userDetailsService - The authentication dao

public void setUseRelativeContext(boolean useRelativeContext)
Analogous to the same property in AbstractProcessingFilter. If set, redirects will be context-relative (they won't include the context path).
Parameters: useRelativeContext - set to true to exclude the context path from redirect URLs.

public void setSwitchFailureUrl(String switchFailureUrl)
If not set, an error message will be written to the response.
Parameters: switchFailureUrl - the url to redirect to.

public void setSwitchUserAuthorityChanger(SwitchUserAuthorityChanger switchUserAuthorityChanger)
Parameters: switchUserAuthorityChanger - to use to fine-tune the authorities granted to subclasses (may be null if SwitchUserProcessingFilter should not fine-tune the authorities)

public int getOrder()
Specified by: getOrder in interface Ordered