Switch User
To enable a user to switch from the current Authentication to another user’s, set the useSwitchUserFilter attribute to true. This feature is similar to the ‘su’ command in Unix. It enables, for example, an admin to act as a regular user to perform some actions, and then switch back.
Switching to Another User
To switch to another user, typically you create a form that submits to /j_spring_security_switch_user:
```
<sec:ifAllGranted roles='ROLE_SWITCH_USER'>
   <form action='/j_spring_security_switch_user' method='POST'>
      Switch to user: <input type='text' name='j_username'/> <br/>
      <input type='submit' value='Switch'/>
   </form>
</sec:ifAllGranted>
```
Here the form is guarded by a check that the logged-in user has ROLE_SWITCH_USER and is not shown otherwise.
Switching Back to Original User
To resume as the original user, navigate to /j_spring_security_exit_user.
```
<sec:ifSwitched>
   <a href='${request.contextPath}/j_spring_security_exit_user'>
      Resume as <sec:switchedUserOriginalUsername/>
   </a>
</sec:ifSwitched>
```
Customizing URLs
You can customize the URLs that are used for this feature, although it is rarely necessary:
```
grails.plugin.springsecurity.switchUser.switchUserUrl = …
grails.plugin.springsecurity.switchUser.exitUserUrl = …
grails.plugin.springsecurity.switchUser.targetUrl = …
grails.plugin.springsecurity.switchUser.switchFailureUrl = ...
```
Property | Default | Meaning |
---|---|---|
useSwitchUserFilter | false | Whether to use the switch user filter. |
switchUser.switchUserUrl | ‘/j_spring_security_switch_user’ | URL to access (via GET or POST) to switch to another user. |
switchUser.exitUserUrl | ‘/j_spring_security_exit_user’ | URL to access to switch back to the original user. |
switchUser.targetUrl | Same as successHandler.defaultTargetUrl | URL for redirect after switching. |
switchUser.switchFailureUrl | Same as failureHandler.defaultFailureUrl | URL for redirect after an error during an attempt to switch. |
switchUser.usernameParameter | SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY | The username request parameter name. |
Sample URL to switch to a user:
http://coolshop.com/j_spring_security_switch_user?j_username=logmein%40shopping.com
j_username carries the URL-encoded value of logmein@shopping.com, which is the login of the user we want to switch to.
On a successful switch, the user is redirected to the URL configured in switchUser.targetUrl.
Dynamic switchUser.targetUrl
If you are working with Spring Security Web version “spring-security-web-3.0.7”, you can override the ‘switchUser.targetUrl’ value for the current request by passing the request parameter “spring-security-redirect”. On a successful user switch, Spring Security looks for a parameter named “spring-security-redirect” before using ‘switchUser.targetUrl’.
If grails.plugin.springsecurity.switchUser.targetUrl is set to /my-account/profile:
URL: http://coolshop.com/j_spring_security_switch_user?j_username=logmein%40shopping.com will redirect the user to /my-account/profile
URL: http://coolshop.com/j_spring_security_switch_user?j_username=logmein%40shopping.com&spring-security-redirect=%2Fmy-account%2Ffavourites will redirect the user to /my-account/favourites
By passing the spring-security-redirect request parameter, we can override the default switch user targetUrl.
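Because the redirect target can come from the request, it is worth auditing which switch-user requests carry spring-security-redirect and whether its value is a site-relative path. The following Python helper is an added example, not code from the original post or from the plugin; it assumes the default switchUserUrl and the j_username parameter shown above, the function names are hypothetical, and the sample requests are constructed.

```python
from urllib.parse import urlsplit, parse_qs

SWITCH_PATH = "/j_spring_security_switch_user"   # default switchUserUrl (see table)
REDIRECT_PARAM = "spring-security-redirect"      # per-request targetUrl override

def is_local_path(target):
    """True only for site-relative paths such as /my-account/favourites."""
    if not target.startswith("/") or target.startswith("//"):
        return False          # absolute or scheme-relative URL
    if "\\" in target or any(ord(c) < 0x20 for c in target):
        return False          # backslashes / control characters confuse browsers
    parts = urlsplit(target)
    return not parts.scheme and not parts.netloc

def audit_switch_requests(request_urls):
    """Return (username, redirect, verdict) for every switch-user request."""
    findings = []
    for url in request_urls:
        parts = urlsplit(url)
        if not parts.path.endswith(SWITCH_PATH):
            continue          # not a switch-user request
        query = parse_qs(parts.query, keep_blank_values=True)
        user = query.get("j_username", [""])[0]
        redirects = query.get(REDIRECT_PARAM, [])
        if not redirects:
            verdict = "default-target"    # switchUser.targetUrl applies
        elif len(redirects) == 1 and is_local_path(redirects[0]):
            verdict = "local-override"
        else:
            verdict = "review"            # off-site or repeated parameter
        findings.append((user, redirects[0] if redirects else None, verdict))
    return findings

# Constructed sample requests (other.example is a placeholder host).
SAMPLE = [
    "http://coolshop.com/j_spring_security_switch_user?j_username=logmein%40shopping.com",
    "http://coolshop.com/j_spring_security_switch_user?j_username=logmein%40shopping.com"
    "&spring-security-redirect=%2Fmy-account%2Ffavourites",
    "http://coolshop.com/j_spring_security_switch_user?j_username=logmein%40shopping.com"
    "&spring-security-redirect=https%3A%2F%2Fother.example%2Flanding",
    "http://coolshop.com/my-account/profile",
]

if __name__ == "__main__":
    for row in audit_switch_requests(SAMPLE):
        print(row)
```

Every row returned is also an impersonation event, so the same output can feed an audit trail of who was switched to and when.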