All geek questions in one place

Log in as a proxy for a specific user

We have a requirement in which an administrative user needs a proxy server as a specific user in an environment where an administrator (role: administrator) manages several users (role: user).

For example, if we have the following users in the database (admin, user1, user2, user3), we would like the proxy administrator to be “user2” and use the system in certain scenarios. Authentication in our web application is based on username and password credentials, which mechanisms are available for the administrator to proxy as "user2" when he does not have a password for "user2". How can an application track such access for audit purposes to mention that “admin” proxied “user2” and performed certain actions.

I am looking for suggestions to support this in our j2ee (jboss) web application.

+3
source share
3

registerAdminAsUser().

@Name("authenticationProxy")
public class AuthenticationProxy {

    private @In org.jboss.seam.security.Identity identity;

    /**
      * Starting with Seam 2.1+, you should use Credentials instead of Identity
      * To collect your username and password
      *
      * Your JSF Form should looks like
      *
      * <h:inputText value="#{credentials.username}"/>
      * <h:inputSecret value="#{credentials.password}"/>
      */
    private @In org.jboss.seam.security.Credentials credentials;

    public String registerAdminAsUser2() {

        identity.getCredentials().setUsername("user2");

        /**
          * Here you should provide any role which should be assigned to User2
          */
        identity.addRole("<A_ROLE>");
        identity.addRole("<OTHER_ROLE>");
        identity.addRole("<ANOTHER_ROLE>");

        /**
          * Do not call login method because it will call authenticate one
          * You do not have User2 password
          */
        // identity.login();

        return "loggedIn";
    }

    /**
      * Be aware you may need a unregisterAdminAsUser2
      */

}

-, commandButton

<h:commandButton value="register Admin as User2" value="#{authenticationProxy.registerAdminAsUser2}" rendered="#{credentials.username == 'admin'}"/>

JSF, :

<h:commandLink rendered="#{s:hasRole('<ANY_ROLE_ASSIGNED_TO_USER2_GOES_HERE>')}"/>

, !

+1

, _/user_pw user_name/admin_pw, .

15.3.2.

+2

, , , . , - ( ). = , ( ) "" " ", . , , , . , .

0

Source: https://habr.com/ru/post/1741674/

More articles:


All Articles