Matt,

OK, it's working.

I added my own filter into the chain to see what it was doing; when it came to the call to j_acegi_switch_user, it was not called at all! I then went to my web.xml and realised that the j_security_check was in there, so I added my security URLs and, blow me down, it started working :)

There was another gotcha in the way, which I solved along the way: http://opensource.atlassian.com/projects/spring/browse/SEC-376

Basically the SwitchUserProcessingFilter needs to come at the end of the chain to work.

Thanks for your help with this

Nigel


Nigel in NZ wrote:
>
> Matt,
>
> Nearly there now I think. I am pretty sure the problem is in the pattern
> matching. It does not match when I do the following:-
>
> <form method="post" id="loginForm" action="<c:url value="/j_acegi_switch_user"/>">
>     <input type="hidden" name="j_username" value="normaluser"/>
>     <input type="submit" class="button" name="login" value="switch" />
> </form>
>
> Yet, if I ask it to do a j_security_check it goes to the login page.
> Looking at the source code for the class if I got any further I would get
> some debug. I am going to update my version currently 1.0.2 to 1.0.3 but
> I do not hold out much hope!
>
> My filter chain looks correct,
>
> <value>
>     CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
>     PATTERN_TYPE_APACHE_ANT
>     /**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,switchUserProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
> </value>
>
> but no match is being made.
>
> I will keep on digging, but if anything 'springs' to mind please feel
> free.
>
> Thanks
>
> Nigel
>
> mraible wrote:
>>
>> I have a requirement to add this functionality in one of my projects.
>> I don't know when I'll get around to trying to implement it, but
>> hopefully in the next week or so.
>>
>> Matt
>>
>> On 4/18/07, Nigel in NZ <[EMAIL PROTECTED]> wrote:
>>>
>>> Matt,
>>>
>>> Thanks for that. I spent some time this evening looking at it but it is
>>> now 12:15am so must stop!
>>>
>>> I added my switchUserProcessingFilter to my filterChainProxy, I created,
>>>
>>> <bean id="switchUserProcessingFilter"
>>>       class="org.acegisecurity.ui.switchuser.SwitchUserProcessingFilter">
>>>     <property name="userDetailsService" ref="userDao" />
>>>     <property name="switchUserUrl"><value>/j_acegi_switch_user</value></property>
>>>     <property name="exitUserUrl"><value>/j_acegi_exit_user</value></property>
>>>     <property name="targetUrl"><value>/main.jsp</value></property>
>>> </bean>
>>>
>>> I then tried calling it based on the assumption that all I should need
>>> to do is set the j_username to the value I want and call
>>> /j_acegi_switch_user. So I set up a call to an admin only page of that
>>> name i.e.
>>>
>>>  * @struts.action-forward name="mimic" path="/j_acegi_switch_user"
>>>
>>> but with no luck. Have you seen any code that actually does this stuff?
>>> Could you post it here for me possibly, I could not find any examples in
>>> books or online.
>>>
>>> Do I need to actually use the service? The one test class I did find
>>> seemed to say no, just set the parameter. One possible clue would be
>>> that I am setting this as an attribute not a parameter, but I am too
>>> tired to think now 12:31am!
>>>
>>> off to bed
>>>
>>> Thanks in advance
>>>
>>> Nigel
>>>
>>> mraible wrote:
>>> >
>>> > You might try using Acegi's Switch User feature:
>>> >
>>> > http://www.acegisecurity.org/multiproject/acegi-security/apidocs/org/acegisecurity/ui/switchuser/SwitchUserProcessingFilter.html
>>> >
>>> > http://tinyurl.com/23vgf9
>>> >
>>> > Matt
>>> >
>>> > On 4/17/07, Nigel in NZ <[EMAIL PROTECTED]> wrote:
>>> >>
>>> >> Hi,
>>> >>
>>> >> I have a scenario where my admin user wants to pretend to be another
>>> >> user, so I added the following code ripped from the SignupAction class,
>>> >>
>>> >>     public ActionForward mimicUser(ActionMapping mapping, ActionForm form,
>>> >>                                    HttpServletRequest request,
>>> >>                                    HttpServletResponse response)
>>> >>             throws Exception {
>>> >>         if (log.isDebugEnabled()) {
>>> >>             log.debug("Entering 'mimic user' method");
>>> >>         }
>>> >>         UserManager mgr = (UserManager) getBean("userManager");
>>> >>
>>> >>         UserForm userForm = (UserForm) form;
>>> >>         // log user in automatically
>>> >>         Authentication auth = new UsernamePasswordAuthenticationToken(
>>> >>                 userForm.getUsername(), userForm.getConfirmPassword());
>>> >>         try {
>>> >>             ProviderManager authenticationManager =
>>> >>                     (ProviderManager) getBean("authenticationManager");
>>> >>             SecurityContextHolder.getContext().setAuthentication(
>>> >>                     authenticationManager.doAuthentication(auth));
>>> >>         } catch (NoSuchBeanDefinitionException n) {
>>> >>             // ignore, should only happen when testing
>>> >>         }
>>> >>         return new ActionForward("main");
>>> >>     }
>>> >>
>>> >> But sadly I get a bad credentials.
>>> >>
>>> >>      [java] [plantman] DEBUG [http-8080-Processor23]
>>> >> UserAction.mimicUser(351) | Entering 'mimic
>>> >>      [java] [plantman] WARN [http-8080-Processor23]
>>> >> LoggerListener.onApplicationEvent(55) | Authe
>>> >> icationFailureBadCredentialsEvent: bondn; details: null; exception: Bad credentials
>>> >>      [java] [plantman] INFO
>>> >> [ContainerBackgroundProcessor[StandardEngine[Catalina]]] SimpleClicks
>>> >> lickstream for: 0:0:0:0:0:0:0:1
>>> >>
>>> >> I am pretty sure this must be because I am still logged in as 'admin'
>>> >> but I am not sure what to do to either log off and then log back on as
>>> >> this user or allow the action. I would like a code solution not a DB or
>>> >> interactive solution but cannot work it out. Clearly, I do not want my
>>> >> admin to have to re-login using the client's credentials interactively!
>>> >>
>>> >> So, to be clear, how do I as admin viewing a user's details change to
>>> >> be them so I can update their order for example? Or is this just soooo
>>> >> bad that I cannot do it? It does seem a valid use case that admin would
>>> >> be on the phone to a client and they say 'oh I forgot x can you add it
>>> >> please'.
>>> >>
>>> >> Any help would be appreciated.
>>> >>
>>> >> Thanks
>>> >>
>>> >> Nigel
>>> >> --
>>> >> View this message in context:
>>> >> http://www.nabble.com/Pretending-to-be-another-user-tf3590245s2369.html#a10033672
>>> >> Sent from the AppFuse - User mailing list archive at Nabble.com.
>>> >>
>>> >> ---------------------------------------------------------------------
>>> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
>>> >> For additional commands, e-mail: [EMAIL PROTECTED]
>>> >
>>> > --
>>> > http://raibledesigns.com

--
View this message in context: http://www.nabble.com/Pretending-to-be-another-user-tf3590245s2369.html#a10071005
Sent from the AppFuse - User mailing list archive at Nabble.com.
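
Added example (not part of the original thread and not AppFuse's own configuration): the two fixes described at the top of this message, written out as Acegi 1.0.x configuration fragments. The filter-name securityFilter, the accessDecisionManager bean, the role name ROLE_ADMIN and the two access rules are assumptions; the URLs and the other bean names are the ones quoted in the thread.

```xml
<!-- web.xml (filter-name "securityFilter" is assumed): the container hands a
     request to the Acegi chain only when a filter-mapping matches its URL,
     so the switch and exit URLs need mappings next to j_security_check. -->
<filter-mapping>
    <filter-name>securityFilter</filter-name>
    <url-pattern>/j_security_check</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>securityFilter</filter-name>
    <url-pattern>/j_acegi_switch_user</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>securityFilter</filter-name>
    <url-pattern>/j_acegi_exit_user</url-pattern>
</filter-mapping>

<!-- Spring security context: switchUserProcessingFilter moved to the end of
     the chain, after filterInvocationInterceptor (see SEC-376). -->
<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
    <property name="filterInvocationDefinitionSource">
        <value>
            CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
            PATTERN_TYPE_APACHE_ANT
            /**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor,switchUserProcessingFilter
        </value>
    </property>
</bean>

<!-- Assumed access rules: because the interceptor now runs before the switch
     filter, these rules decide who may reach the switch and exit URLs.
     ROLE_ADMIN is a placeholder for the application's admin role;
     ROLE_PREVIOUS_ADMINISTRATOR is the authority Acegi grants while switched.
     The application's existing URL rules would follow these two. -->
<bean id="filterInvocationInterceptor"
      class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="accessDecisionManager" ref="accessDecisionManager"/>
    <property name="objectDefinitionSource">
        <value>
            CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
            PATTERN_TYPE_APACHE_ANT
            /j_acegi_switch_user*=ROLE_ADMIN
            /j_acegi_exit_user*=ROLE_PREVIOUS_ADMINISTRATOR
        </value>
    </property>
</bean>
```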
