CODEWITHSUNDEEP
grailsspring-security
Krunal
Krunal

Reputation: 7738

Grail's Spring security: Use email instead of username to switch users in SwitchUserFilter

I have a modified User class in my spring security which use attribute email instead of username. Now I want to a functionality to switch users, so an admin can login seamlessly as a particular user without logging out. I came across this Link , which shows there is a switchUserFilter to achieve this. So I tried to get it working by passing j_username as email,but it gets redirected to a blank page and the user does not switch.

I have tried all these things but still could not figure out a way around it: 1) Added to Config.groovy: grails.plugins.springsecurity.userLookup.usernamePropertyName='email'

2) Create a method in User class getUserName() to return email.

P.S: I looked into the source code of springSecurity switchUserFilter(link)and came across this code on line 209:

protected Authentication attemptSwitchUser(HttpServletRequest request)
        throws AuthenticationException {
    UsernamePasswordAuthenticationToken targetUserRequest;

    String username = request.getParameter(usernameParameter);

But I am not sure if that is the issue and do not want to make changes in the plugin.

Upvotes: 0

Views: 780

Answers (2)

Krunal
Krunal

Reputation: 7738

Finally found the solution: Add this to the config.groovy file

grails.plugin.springsecurity.userLookup.usernamePropertyName = 'email'
    grails.plugin.springsecurity.useSwitchUserFilter = true

    grails.plugin.springsecurity.controllerAnnotations.staticRules = [
    ....
    '/j_spring_security_switch_user': ['ROLE_SWITCH_USER', 'isFullyAuthenticated()'],
    '/j_spring_security_exit_user': ['isFullyAuthenticated()'],
    '/public/**':              ['permitAll']
    .....
    ]

2) Then create a Role ROLE_SWITCH_USER in bootstrap.groovy

def switchUserRole = Role.findByAuthority('ROLE_SWITCH_USER') ?: new Role(authority: 'ROLE_SWITCH_USER').save(flush: true, failOnError: true)

And assign it to a super user

3) Then follow the instruction(here) to update the view to add a switch button

Upvotes: 0

Emmanuel Rosa
Emmanuel Rosa

Reputation: 9885

The usernameParameter property of the SwitchUserFilter is set to username by default. That does seem to be part of your problem.

The SwitchUserFilter has a method named setUsernameParameter() that allows you to change this default. It seems the filter is a bean, so you might be able to do something like this in grails-app/conf/spring/Config.groovy

import org.springframework.security.web.authentication.switchuser.SwitchUserFilter

beans = {
    switchUserFilter {
        usernameParameter = 'email'
    }
}

Or maybe something like this in grails-app/config/BootStrap.groovy

def switchUserFilter

def init = { servletContext ->
        switchUserFilter.usernameParameter = 'email'
}

Upvotes: 1

Related Questions