Tag Archives: spring-security-redirect

Switch User

To enable a user to switch from the current Authentication to another user’s, set the useSwitchUserFilter attribute to true. This feature is similar to the ‘su’ command in Unix. It enables, for example, an admin to act as a regular user to perform some actions, and then switch back.

Switching to Another User

To switch to another user, typically you create a form that submits to /j_spring_security_switch_user:

Here the form is guarded by a check that the logged-in user has ROLE_SWITCH_USER and is not shown otherwise.

Switching Back to Original User

To resume as the original user, navigate to /j_spring_security_exit_user.

Customizing URLs

You can customize the URLs that are used for this feature, although it is rarely necessary:

Property Default Meaning
useSwitchUserFilter false Whether to use the switch user filter.
switchUser. switchUserUrl ‘/j_spring_security_switch_user’ URL to access (via GET or POST) to switch to another user.
switchUser. exitUserUrl ‘/j_spring_security_exit_user’ URL to access to switch to another user.
switchUser. targetUrl Same as successHandler.defaultTargetUrl URL for redirect after switching.
switchUser. switchFailureUrl Same as failureHandler.defaultFailureUrl URL for redirect after an error during an attempt to switch.
switchUser. usernameParameter SwitchUserFilter. SPRING_SECURITY_SWITCH_USERNAME_KEY The username request parameter name

Sample url to switch as user:

http://coolshop.com/j_spring_security_switch_user?j_username=logmein%40shopping.com

j_username  is passed url encoded value logmein@shopping.com which is the user login we want to switch.

On successful switching user will be redirected to url configured using  switchUser. targetUrl

Dynamic switchUser.targetUrl

If you are working on Spring Security Web version “spring-security-web-3.0.7”. You have ability to overrider ‘switchUser. targetUrl’  value for current request by  pass request parameter “spring-security-redirect”. On successful user switch Spring security looks for a parameter with name “spring-security-redirect” before using ‘switchUser. targetUrl’ .

If  grails.plugin.springsecurity.switchUser.targetUrl : /my-accunt/profile

URL: http://coolshop.com/j_spring_security_switch_user?j_username=logmein%40shopping.com  will redirect user to /my-accunt/profile

URL: http://coolshop.com/j_spring_security_switch_user?j_username=logmein%40shopping.com&spring-security-redirect=%2Fmy-account%2Ffavourites  will redirect user to /my-account/favourites

By passing spring-security-redirect request parameter we can overrider default switch user targetUrl.