Re: [appfuse-user] Pretending to be another user

[Matt Raible]

You might try using Acegi's Switch User feature:

http://www.acegisecurity.org/multiproject/acegi-security/apidocs/org/acegisecurity/ui/switchuser/SwitchUserProcessingFilter.html

http://tinyurl.com/23vgf9

Matt

On 4/17/07, Nigel in NZ <[EMAIL PROTECTED]> wrote:

Hi,

I have a scenario where my admin user wants to pretend to be another user,
so I added the following code ripped from the SignupAction class,

    public ActionForward mimicUser(ActionMapping mapping, ActionForm form,
                                HttpServletRequest request,
                                HttpServletResponse response)
    throws Exception {
        if (log.isDebugEnabled()) {
            log.debug("Entering 'mimic user' method");
        }
        UserManager mgr = (UserManager) getBean("userManager");

        UserForm userForm = (UserForm)form;
         // log user in automatically
        Authentication auth = new
UsernamePasswordAuthenticationToken(userForm.getUsername(),
userForm.getConfirmPassword());
        try {
            ProviderManager authenticationManager = (ProviderManager)
getBean("authenticationManager");

SecurityContextHolder.getContext().setAuthentication(authenticationManager.doAuthentication(auth));
        } catch (NoSuchBeanDefinitionException n) {
            // ignore, should only happen when testing
        }
        return new ActionForward("main");
    }

But sadly I get a bad credencials.

     [java] [plantman] DEBUG [http-8080-Processor23]
UserAction.mimicUser(351) | Entering 'mimic
     [java] [plantman] WARN [http-8080-Processor23]
LoggerListener.onApplicationEvent(55) | Authe
icationFailureBadCredentialsEvent: bondn; details: null; exception: Bad
credentials
     [java] [plantman] INFO
[ContainerBackgroundProcessor[StandardEngine[Catalina]]] SimpleClicks
lickstream for: 0:0:0:0:0:0:0:1

 I am pretty sure this must be because I am still logged in as 'admin' but I
am not sure what to do to either log off and then log back on as this user
or allow the action.  I would like a code solution not a DB or interactive
solution but cannot work it out.  Clearly, I do not want my admin to have to
re-login using the clients credentials interactively!

So, to be clear, how do I as admin viewing a users details change to be them
so I can update their order for example. or is this just soooo bad that I
cannot do it.  It does seem a valid use case that admin would be on the
phone to a client and they say 'oh I forgot x can you add it please'.

Any help would be appreciated.

Thanks

Nigel
--
View this message in context: 
http://www.nabble.com/Pretending-to-be-another-user-tf3590245s2369.html#a10033672
Sent from the AppFuse - User mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

--
http://raibledesigns.com

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]