public class SwitchUserWebFilter
extends java.lang.Object
implements org.springframework.web.server.WebFilter
This filter assumes that the user performing the switch will be required to be logged in as a normal user (i.e. with a ROLE_ADMIN role). The user will then access a page/controller that enables the administrator to specify who they wish to become (see switchUserUrl).
Note: This URL will be required to have appropriate security constraints configured so that only users of that role can access it (e.g. ROLE_ADMIN).
On a successful switch, the user's SecurityContext will be updated to reflect the specified user and will also contain an additional SwitchUserGrantedAuthority which contains the original user. Before switching, a check will be made on whether the user is already currently switched, and any current switch will be exited to prevent "nested" switches.
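Because the switched SecurityContext still carries the original user inside a SwitchUserGrantedAuthority, audit code can attribute actions to the real operator. The helper below is an added example, not part of the Spring Security Javadoc; the class name ImpersonationAudit and the log label format are assumptions.

```java
import java.util.Optional;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.ReactiveSecurityContextHolder;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority;

import reactor.core.publisher.Mono;

// Hypothetical helper class for this example.
public final class ImpersonationAudit {

    private ImpersonationAudit() {
    }

    /**
     * Returns the name of the original (pre-switch) user, or empty when the
     * given Authentication does not belong to a switched session.
     */
    public static Optional<String> originalUser(Authentication current) {
        for (GrantedAuthority authority : current.getAuthorities()) {
            if (authority instanceof SwitchUserGrantedAuthority) {
                // getSource() is the Authentication of the user who started the switch.
                Authentication source = ((SwitchUserGrantedAuthority) authority).getSource();
                return Optional.of(source.getName());
            }
        }
        return Optional.empty();
    }

    /**
     * Builds the actor label for an audit record from the reactive security
     * context, naming both the effective user and the operator behind it.
     */
    public static Mono<String> actorForAuditLog() {
        return ReactiveSecurityContextHolder.getContext()
            .map(SecurityContext::getAuthentication)
            .map(auth -> originalUser(auth)
                .map(admin -> auth.getName() + " (switched from " + admin + ")")
                .orElse(auth.getName()));
    }
}
```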
To 'exit' from a user context, the user needs to access a URL (see exitUserUrl) that will switch back to the original user as identified by the ROLE_PREVIOUS_ADMINISTRATOR.
To configure the Switch User Processing Filter, create a bean definition for the Switch User processing filter and add it to the filterChainProxy. Note that the filter must come after the SecurityWebFiltersOrder.AUTHORIZATION in the chain, in order to apply the correct constraints to the switchUserUrl.

Example:

    SwitchUserWebFilter filter = new SwitchUserWebFilter(userDetailsService, loginSuccessHandler, failureHandler);
    http.addFilterAfter(filter, SecurityWebFiltersOrder.AUTHORIZATION);
SwitchUserGrantedAuthority

Modifier and Type | Field and Description |
---|---|
static java.lang.String | ROLE_PREVIOUS_ADMINISTRATOR |
static java.lang.String | SPRING_SECURITY_SWITCH_USERNAME_KEY |

Constructor | Description |
---|---|
SwitchUserWebFilter(ReactiveUserDetailsService userDetailsService, ServerAuthenticationSuccessHandler successHandler, ServerAuthenticationFailureHandler failureHandler) | Creates a filter for the user context switching |
SwitchUserWebFilter(ReactiveUserDetailsService userDetailsService, java.lang.String successTargetUrl, java.lang.String failureTargetUrl) | Creates a filter for the user context switching |

Modifier and Type | Method | Description |
---|---|---|
protected reactor.core.publisher.Mono<Authentication> | exitSwitchUser(WebFilterExchange webFilterExchange) | Attempt to exit from an already switched user. |
reactor.core.publisher.Mono<java.lang.Void> | filter(org.springframework.web.server.ServerWebExchange exchange, org.springframework.web.server.WebFilterChain chain) | |
protected java.lang.String | getUsername(org.springframework.web.server.ServerWebExchange exchange) | Returns the name of the target user. |
void | setExitUserMatcher(ServerWebExchangeMatcher exitUserMatcher) | Set the matcher to respond to exit user processing. |
void | setExitUserUrl(java.lang.String exitUserUrl) | Set the URL to respond to exit user processing. |
void | setSecurityContextRepository(ServerSecurityContextRepository securityContextRepository) | Sets the repository for persisting the SecurityContext. |
void | setSwitchUserMatcher(ServerWebExchangeMatcher switchUserMatcher) | Set the matcher to respond to switch user processing. |
void | setSwitchUserUrl(java.lang.String switchUserUrl) | Set the URL to respond to switch user processing. |
protected reactor.core.publisher.Mono<Authentication> | switchUser(WebFilterExchange webFilterExchange) | Attempt to switch to another user. |

public static final java.lang.String SPRING_SECURITY_SWITCH_USERNAME_KEY
public static final java.lang.String ROLE_PREVIOUS_ADMINISTRATOR

public SwitchUserWebFilter(ReactiveUserDetailsService userDetailsService, ServerAuthenticationSuccessHandler successHandler, @Nullable ServerAuthenticationFailureHandler failureHandler)
Parameters:
userDetailsService - The UserDetailsService which will be used to load information for the user that is being switched to.
successHandler - Used to define custom behaviour on a successful switch or exit user.
failureHandler - Used to define custom behaviour when a switch fails.

public SwitchUserWebFilter(ReactiveUserDetailsService userDetailsService, java.lang.String successTargetUrl, @Nullable java.lang.String failureTargetUrl)
Parameters:
userDetailsService - The UserDetailsService which will be used to load information for the user that is being switched to.
successTargetUrl - Sets the URL to go to after a successful switch / exit user request
failureTargetUrl - The URL to which a user should be redirected if the switch fails

public reactor.core.publisher.Mono<java.lang.Void> filter(org.springframework.web.server.ServerWebExchange exchange, org.springframework.web.server.WebFilterChain chain)
Specified by:
filter in interface org.springframework.web.server.WebFilter

protected reactor.core.publisher.Mono<Authentication> switchUser(WebFilterExchange webFilterExchange)
Parameters:
webFilterExchange - The web filter exchange
Returns:
Authentication object if successfully switched to another user, Mono.empty() otherwise.
Throws:
AuthenticationCredentialsNotFoundException - If the target user can not be found by username

protected reactor.core.publisher.Mono<Authentication> exitSwitchUser(WebFilterExchange webFilterExchange)
Parameters:
webFilterExchange - The web filter exchange
Returns:
Authentication object.
Throws:
AuthenticationCredentialsNotFoundException - If there is no Authentication associated with this request or the user is not switched.

protected java.lang.String getUsername(org.springframework.web.server.ServerWebExchange exchange)
Parameters:
exchange - The server web exchange

public void setSecurityContextRepository(ServerSecurityContextRepository securityContextRepository)
WebSessionServerSecurityContextRepository
Parameters:
securityContextRepository - the repository to use

public void setExitUserUrl(java.lang.String exitUserUrl)
setExitUserMatcher(ServerWebExchangeMatcher)
Parameters:
exitUserUrl - The exit user URL.

public void setExitUserMatcher(ServerWebExchangeMatcher exitUserMatcher)
Parameters:
exitUserMatcher - The exit matcher to use

public void setSwitchUserUrl(java.lang.String switchUserUrl)
setSwitchUserMatcher(ServerWebExchangeMatcher)
Parameters:
switchUserUrl - The switch user URL.

public void setSwitchUserMatcher(ServerWebExchangeMatcher switchUserMatcher)
Parameters:
switchUserMatcher - The switch user matcher.