spring security oauth2 + switch user filter -

-

i set switchuserfilter in spring-boot app implements spring-security-oauth2 yet. i've set filter in websecurityconfiguration extends websecurityconfigureradapter.

after login obtain token, bearer token, , use configured endpoint switch user.

i follow code debug in ide , apparently securitycontextholder updated , new target user injected.

however, when request redirected target url (a property of filter), securitycontextholder gives me old user , not i've requested.

i've inspected oauth2authenticationprocessingfilter , token extracted request return same bearer token , builds user detail , inject securitycontextholder.

is there way use kind of filter oauth2 approach?

the problem need create new token contains new target user information. new token has sent client, future requests new target user token used. in our case token persisted on server side (using jdbctokenstore), work in server-side stateless environments (jwt-token).

our environment spring-boot/jhipster application angular 1.2 client.

creating new token:

@inject private userdetailsservice userdetailsservice;  @inject private authorizationservertokenservices tokenservice;  @inject private clientdetailsservice clientdetailsservice;      public oauth2accesstoken createimpersonationaccesstoken(string login) {        userdetails userdetails = userdetailsservice.loaduserbyusername(login);        log.info("switching current user {}", login);         collection<? extends grantedauthority> authorities = userdetails.getauthorities();        list<grantedauthority> impersonationauthorities = new arraylist<>(authorities);        authentication source = securitycontextholder.getcontext().getauthentication();        // add current user authentication (to switch impersonation):        switchusergrantedauthority switchuserauthority =                 new switchusergrantedauthority(authoritiesconstants.impersonation, source);        impersonationauthorities.add(switchuserauthority);                    userdetails newuserdetails =                 org.springframework.security.core.userdetails.user                .withusername(login)                .authorities(impersonationauthorities)                .password("justinventedhere")                .build();                            authentication userpasswordauthentiation =                 new usernamepasswordauthenticationtoken(newuserdetails, null, impersonationauthorities);         map<string, string> parameters = new hashmap<>();                clientdetails client = clientdetailsservice.loadclientbyclientid(clientid);                    oauth2request oauthrequest = new oauth2request(parameters, client.getclientid(), client.getauthorities(), true,                 client.getscope(), client.getresourceids(), null, null, null);        oauth2authentication authentication = new oauth2authentication(oauthrequest, userpasswordauthentiation);        oauth2accesstoken createaccesstoken = tokenservice.createaccesstoken(authentication);                    return createaccesstoken;    }

this new token returned client (in our case angular 1.2 application) stores token in local storage (to used on next requests). application needs reloading (simplest way update target user):

vm.switchtoclient = function (client) {     vm.switchinguser = true;     userservice.switchtoclient(client, function(response) {                 var expiredat = new date();                 $localstorage.authenticationtoken = response;                 window.location.href='#/';                 window.location.reload()             }); }

Comments

  1. Raju RathoreJuly 17, 2019 at 2:32 AM

    Hi Could you please provide complete code for spring boot 2 oauth2 switch user functionality?

    ReplyDelete

Post a Comment

Popular posts from this blog

Android volley - avoid multiple requests of the same kind to the server? -

-
i using volley upload list of images server. happens within service. once image uploaded remove list. problem arises when internet connection breaks. when internet connection breaks , comes again thinking of adding images yet uploaded request queue. this can result in more 1 copy of same image saved on server request same image might have gone through before getting rseponse. how can address scenario? i'm not quite sure why you're using service schedule requests volley automatically runs it's request in seperate thread. nevertheless can listen both request results, successful , unsuccessful adding listeners. you can remove image list schedule request using volley. if succeeds can carry on desired, if fails can add again list. public static request getimageuploadrequest(final string image) { response.listener<t> responselistener = new response.listener<t>() { @override public void onresponse(t response...
Read more

magento2 - Magento 2 admin grid add filter to collection -

-
i created grid in admin xml ui components. need filter collection via url parameter , dont know how achieve that. tried inject requestinterface collection, filter didnt work. di.xml <virtualtype name="slidelistingdataprovider" type="magento\framework\view\element\uicomponent\dataprovider\dataprovider"> <arguments> <argument name="collection" xsi:type="object" shared="false">xxx\xxx\model\resourcemodel\grid\slide\collection</argument> <argument name="filterpool" xsi:type="object" shared="false">slidelistingfilterpool</argument> <!-- define new object filters --> </arguments> </virtualtype> <virtualtype name="slidelistingfilterpool" type="magento\framework\view\element\uicomponent\dataprovider\filterpool"> <arguments> <argument name="applier...
Read more

Combining PHP Registration and Login into one class with multiple functions in one PHP file -

-
i'm trying combine registration, activation , login scripts php website backend script front end developer can pass variables different forms to. my question whether appropriate approach this. don't want have lot of php files different pieces of application developing. far have written following 2 functions login, register , activate user front end developer can call: <?php /** * created phpstorm. * user: karl * date: 26/07/2016 * time: 02:25 */ class users { function register_user($email, $password, $user_name) { $server_name = "localhost"; $u_name = "root"; $db_password = "root"; $db_name = "betamath_graspe"; //email notification variable $from_address="info@slack.com"; //registration form $msg_reg_user='username taken. please choose different username'; $msg_reg_email='email registered'; $msg_reg_active=...
Read more