Reputation: 889
If you have used GitLab - it has an impersonation feature where, if your user has the 'owner' role, they can 'impersonate' any user that has been created on the system by clicking a button and see what they see.
I would like to understand how one can implement a feature like that. What is the software design / architecture for it?
I am planning to design and implement this functionality in Java, Spring and Tomcat using server-side sessions and would prefer to roll out my own impersonation feature instead of using a library.
Upvotes: 1
Views: 1430
Reputation: 990
If you want a specific solution that GitLab implemented in Ruby, you could take a look at the commit that introduced the feature: Commit 3bb626f9 - refactor login as to be impersonation with better login/logout
Please note that the security issue introduced in this commit was later fixed: GitLab Blog Post - Critical Security Release for GitLab 8.2 through 8.7
Otherwise, I think this question is too broad. I need some more details - Framework, Current Authentication mechanism, etc.
EDIT: I do not know Java Spring framework too well, but these links may help you:
Upvotes: 1
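A minimal sketch of the server-side session design the question asks about, as an added example that is not part of the original posts and is not GitLab's code. A `HashMap` stands in for the `HttpSession` attributes, and the attribute names, the `owner` role string and the sample users are assumptions made for illustration.

```java
import java.util.*;

public class ImpersonationDemo {
    record User(String name, Set<String> roles) {}

    // Hypothetical session attribute names (assumptions, not from the page).
    static final String CURRENT = "currentUser";
    static final String ORIGINAL = "impersonator";
    static final List<String> audit = new ArrayList<>();

    // Swap the effective user; the real identity stays in the session.
    static void start(Map<String, Object> session, User target) {
        User actor = (User) session.get(CURRENT);
        if (actor == null) throw new SecurityException("not authenticated");
        // No nesting: an impersonated session cannot impersonate again.
        if (session.containsKey(ORIGINAL)) throw new SecurityException("already impersonating");
        // Role check runs on the server against the session's user, never request data.
        if (!actor.roles().contains("owner")) throw new SecurityException("owner role required");
        session.put(ORIGINAL, actor);
        session.put(CURRENT, target);
        audit.add(actor.name() + " started impersonating " + target.name());
    }

    // Restore the real identity recorded by start().
    static void stop(Map<String, Object> session) {
        User original = (User) session.remove(ORIGINAL);
        if (original == null) throw new SecurityException("not impersonating");
        User target = (User) session.put(CURRENT, original);
        audit.add(original.name() + " stopped impersonating " + target.name());
    }

    public static void main(String[] args) {
        // Constructed sample users.
        User owner = new User("root", Set.of("owner"));
        User alice = new User("alice", Set.of("developer"));
        User bob = new User("bob", Set.of("developer"));

        Map<String, Object> s = new HashMap<>();
        s.put(CURRENT, owner);
        start(s, alice);
        System.out.println("acting as " + ((User) s.get(CURRENT)).name());
        try { start(s, bob); } catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
        stop(s);
        System.out.println("acting as " + ((User) s.get(CURRENT)).name());

        Map<String, Object> s2 = new HashMap<>();
        s2.put(CURRENT, alice); // a non-owner session
        try { start(s2, bob); } catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
        audit.forEach(System.out::println);
    }
}
```

In a servlet container the same switch would normally also rotate the session ID with `HttpServletRequest.changeSessionId()`, and the audit entries would go to a persistent log rather than an in-memory list.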