Switch user functionality in admin module.Login as some user
Posted: Thu Jul 25, 2013 6:26 am
Hi ,
I hope this helps someone trying to implement something I had to do in my BLC based project. So the requirement was to implement a switch in the admin module by which admin people can login into some user's account without knowing their password. This was to be done just for the sake of troubleshooting the application from the customer's login. This kind of functionality is not provided by BLC framework in the admin module by-default.The trick here was to user SwitchUserFilter provided by spring-security.
You need to add this bean
to your security context XML file and then set it up before the FILTER_SECURITY_INTERCEPTOR like this :
Once the above two steps are done you should add this type of code to your XML
The above code ensures that only users with specific privileges can only login into customer's account. For changes on the database side you need to add a role to the blc_role table (this role should be ROLE_ADMIN). Next change in DB would be to assign this newly created role to a user. You can do that in the table blc_customer_role_xref.
That's it! You are set on the website side. Now all you need to do is hit the url http://www.yoursite.com/j_spring_securi ... e=username
You will be presented with a login screen of your application and you need to type in the credentials of your ROLE_ADMIN user.
Reference: http://www.reverttoconsole.com/blog/spr ... in-spring/
Cheers
Shreyash
I hope this helps someone trying to implement something I had to do in my BLC based project. So the requirement was to implement a switch in the admin module by which admin people can login into some user's account without knowing their password. This was to be done just for the sake of troubleshooting the application from the customer's login. This kind of functionality is not provided by BLC framework in the admin module by-default.The trick here was to user SwitchUserFilter provided by spring-security.
You need to add this bean
Code: Select all
<bean id="switchUserProcessingFilter" class="org.springframework.security.web.authentication.switchuser.SwitchUserFilter">
<property name="userDetailsService" ref="userDetailsService" />
<property name="switchUserUrl" value="/j_spring_security_switch_user" />
<property name="switchFailureUrl" value="/" />
<property name="exitUserUrl" value="/j_spring_security_exit_user" />
<property name="targetUrl" value="/targetUrl" />
</bean>to your security context XML file and then set it up before the FILTER_SECURITY_INTERCEPTOR like this :
Code: Select all
<sec:custom-filter ref="switchUserProcessingFilter" after="FILTER_SECURITY_INTERCEPTOR"/>Once the above two steps are done you should add this type of code to your XML
Code: Select all
<sec:intercept-url pattern="/j_spring_security_switch_user" access="ROLE_ADMIN"/>The above code ensures that only users with specific privileges can only login into customer's account. For changes on the database side you need to add a role to the blc_role table (this role should be ROLE_ADMIN). Next change in DB would be to assign this newly created role to a user. You can do that in the table blc_customer_role_xref.
That's it! You are set on the website side. Now all you need to do is hit the url http://www.yoursite.com/j_spring_securi ... e=username
You will be presented with a login screen of your application and you need to type in the credentials of your ROLE_ADMIN user.
Reference: http://www.reverttoconsole.com/blog/spr ... in-spring/
Cheers
Shreyash