I have some data that I need to replicate for userA. As I don't know userA's password, I want to log in as adminUser, switch to userA and post the data. Related to this I have two questions:
Question 1) I am first trying to log in and switch using the example given in the answer here: How to impersonate user using SwitchUserFilter in Spring?
```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.switchuser.SwitchUserFilter;
import org.springframework.web.filter.CorsFilter;
import org.zalando.problem.spring.web.advice.security.SecurityProblemSupport;
// TokenProvider, JWTConfigurer and AuthoritiesConstants are the JHipster-generated
// classes under the application's own security package.

// Class header restored; the snippet starts at the fields.
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    private final TokenProvider tokenProvider;
    protected UserDetailsService userDetailsService;//= (UserDetailsService) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    private final CorsFilter corsFilter;
    private final SecurityProblemSupport problemSupport;

    public SecurityConfiguration(UserDetailsService userDetailsService, TokenProvider tokenProvider, CorsFilter corsFilter, SecurityProblemSupport problemSupport) {
        this.tokenProvider = tokenProvider;
        this.corsFilter = corsFilter;
        this.userDetailsService = userDetailsService;
        this.problemSupport = problemSupport;
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        // Requests matched here bypass the security filter chain entirely.
        web.ignoring()
            .antMatchers(HttpMethod.OPTIONS, "/**")
            .antMatchers("/swagger-ui/index.html")
            .antMatchers("/test/**");
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // @formatter:off
        http
            .csrf()
            .disable()
            .addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class)
            // SwitchUserFilter runs after authorization, so the caller must already be authenticated.
            .addFilterAfter(switchUserFilter(), FilterSecurityInterceptor.class)
            .exceptionHandling()
            .authenticationEntryPoint(problemSupport)
            .accessDeniedHandler(problemSupport)
        .and()
            .headers()
            .frameOptions()
            .disable()
        .and()
            .sessionManagement()
            // STATELESS: no HttpSession, so a SecurityContext set during a request
            // (including the one SwitchUserFilter installs) is not kept for the next request.
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
            .authorizeRequests()
            .antMatchers("/api/authenticate").permitAll()
            .antMatchers("/api/register").permitAll()
            .antMatchers("/api/activate").permitAll()
            .antMatchers("/api/account/reset-password/init").permitAll()
            .antMatchers("/api/account/reset-password/finish").permitAll()
            .antMatchers("/api/**").authenticated()
            .antMatchers("/management/health").permitAll()
            .antMatchers("/management/info").permitAll()
            .antMatchers("/management/prometheus").permitAll()
            .antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN)
            .antMatchers("/login/switchUser").permitAll()
            .antMatchers("/login/impersonate").permitAll()
        .and()
            .apply(securityConfigurerAdapter());
        // @formatter:on
    }

    @Bean
    public SwitchUserFilter switchUserFilter() {
        SwitchUserFilter filter = new SwitchUserFilter();
        filter.setUserDetailsService(userDetailsService);
        filter.setSwitchUserUrl("/login/impersonate");
        filter.setSwitchFailureUrl("/login/switchUser");
        // After a successful switch the filter only redirects; the response carries no JWT.
        filter.setTargetUrl("/#/home");
        return filter;
    }

    private JWTConfigurer securityConfigurerAdapter() {
        return new JWTConfigurer(tokenProvider);
    }
}
```
What I have tried is: I logged in as adminUser and in the URL I try to switch by changing the URL to http://localhost:9000/login/impersonate?username=userA
Now, my issue is that I get successfully redirected to the home screen but my user remains adminUser. (I do this because, when I make a GET/POST call from Postman, I get a response saying the browser is outdated and JavaScript needs to be enabled.)
P.S.: I have a JHipster-developed application, so most of the classes are already added by default.
P.P.S.: I know I'm extremely dumb.
Question 2) As I mentioned earlier, I need to replicate the data and I need to do it programmatically. How can I achieve this? Can SwitchUserFilter call a REST URL and pass some custom data/values to it?
Add this custom method in UserJwTController:
```java
// Goes inside the JHipster UserJwTController; needs imports for javax.validation.Valid,
// java.util.Set/HashSet, GrantedAuthority, SimpleGrantedAuthority,
// UsernamePasswordAuthenticationToken, Authentication and SecurityContextHolder.
@PostMapping("/authenticate-externalnodes")
public ResponseEntity<JWTToken> authenticateExternalnodes(@Valid @RequestBody LoginVM loginVM) {
    // Under the /api/** rule above, any authenticated caller can reach this endpoint;
    // nothing here verifies that the caller is an administrator, and no password is checked.
    // Get roles for the user via username (404-style failure instead of an unchecked get() on an empty Optional)
    Set<Authority> authorities = userService.getUserWithAuthoritiesByLogin(loginVM.getUsername())
        .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND, "unknown user"))
        .getAuthorities();
    // Create granted authorities from the user's roles
    Set<GrantedAuthority> grantedAuthorities = new HashSet<>();
    for (Authority authority : authorities) {
        grantedAuthorities.add(new SimpleGrantedAuthority(authority.getName()));
    }
    // Three-argument constructor marks the token as already authenticated (empty credentials)
    UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(
        loginVM.getUsername(), "", grantedAuthorities);
    Authentication authentication = authenticationToken;
    // This replaces the caller's own SecurityContext for the rest of the request
    SecurityContextHolder.getContext().setAuthentication(authentication);
    boolean rememberMe = (loginVM.isRememberMe() == null) ? false : loginVM.isRememberMe();
    String jwt = tokenProvider.createToken(authentication, rememberMe);
    HttpHeaders httpHeaders = new HttpHeaders();
    httpHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer " + jwt);
    return new ResponseEntity<>(new JWTToken(jwt), httpHeaders, HttpStatus.OK);
}
```
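An added example, not part of the answer above, of the same token-minting idea with the checks an impersonation endpoint needs: only an administrator may call it, it refuses to mint admin-level tokens, it never touches the caller's own SecurityContext, and it logs who switched to whom. The class name and path are hypothetical; UserService, User, TokenProvider, JWTFilter and AuthoritiesConstants are assumed to be the JHipster-generated types used in the question, and @PreAuthorize assumes @EnableGlobalMethodSecurity(prePostEnabled = true) on the security configuration.

```java
import java.util.*;
import java.util.stream.Collectors;
import org.slf4j.*;
import org.springframework.http.*;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.web.authentication.switchuser.SwitchUserFilter;
import org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.server.ResponseStatusException;

@RestController
@RequestMapping("/api")
public class ImpersonationResource { // hypothetical class; project types are JHipster's generated ones
    private static final Logger log = LoggerFactory.getLogger(ImpersonationResource.class);
    private final UserService userService;
    private final TokenProvider tokenProvider;

    public ImpersonationResource(UserService userService, TokenProvider tokenProvider) {
        this.userService = userService;
        this.tokenProvider = tokenProvider;
    }

    // Requires @EnableGlobalMethodSecurity(prePostEnabled = true) on the security config
    // (JHipster sets it); the caller must already carry a valid admin JWT.
    @PostMapping("/admin/impersonate/{login}")
    @PreAuthorize("hasAuthority(\"" + AuthoritiesConstants.ADMIN + "\")")
    public ResponseEntity<Map<String, String>> impersonate(@PathVariable String login, Authentication caller) {
        User target = userService.getUserWithAuthoritiesByLogin(login)
            .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND, "unknown user"));
        Set<GrantedAuthority> authorities = target.getAuthorities().stream()
            .map(a -> new SimpleGrantedAuthority(a.getName()))
            .collect(Collectors.toCollection(HashSet::new));
        // Never mint a token that carries admin rights under another user's name.
        if (authorities.contains(new SimpleGrantedAuthority(AuthoritiesConstants.ADMIN))) {
            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "cannot impersonate an administrator");
        }
        // Spring Security's marker for a switched principal; only its role name survives in the JWT.
        authorities.add(new SwitchUserGrantedAuthority(SwitchUserFilter.ROLE_PREVIOUS_ADMINISTRATOR, caller));
        Authentication impersonated = new UsernamePasswordAuthenticationToken(target.getLogin(), "", authorities);
        String jwt = tokenProvider.createToken(impersonated, false); // rememberMe=false: short-lived token
        log.info("impersonation: admin={} target={}", caller.getName(), target.getLogin()); // durable audit record
        HttpHeaders headers = new HttpHeaders();
        headers.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer " + jwt);
        return new ResponseEntity<>(Collections.singletonMap("id_token", jwt), headers, HttpStatus.OK);
    }
}
```

The returned token is then sent as `Authorization: Bearer ...` on the POST that replicates userA's data, while the admin's own token stays untouched in the client.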