User Switcher for Cascade Server

Pima Community College has created a User Switcher tool that allows Cascade Server administrators to log in as another user without a password. Learn how the User Switcher works and how you can use it in your own CMS!

Published in: Technology

  1. User Switcher for Cascade Server
      Leah Einecker, Pima Community College
  2. Why?
      • Verifying permissions / user setup
      • User support
      • General awesomeness
  3. The easy part
          <form method="POST" action="doSwitch.jsp">
            Who do you want to be today?<br />
            <input type="text" name="wannabe" />
            <input type="submit" value="Go" />
          </form>
  4. Check the submitted data
          String wannabe = request.getParameter("wannabe");
          if (wannabe == null) {
              response.sendRedirect("index.jsp");
              return; // sendRedirect() does not stop the rest of the JSP from running
          }
          /* dunno what happens if you try to log in as
             username "!@$#!''%%--!#". */
          // keep only word characters and hyphens
          wannabe = wannabe.replaceAll("[^-\\w]", "");
  5. Check the user
      com.hannonhill.cascade.view.beans.security.LoginInformationBean
          LoginInformationBean loginInfoBean =
              (LoginInformationBean)session.getAttribute("user");
          String username = loginInfoBean.getUsername();
  6. Dispensing beans
      org.springframework.context.ApplicationContext
          ApplicationContext appCtx =
              WebApplicationContextUtils.getWebApplicationContext(
                  pageContext.getServletContext());
          appCtx.getBean("myBeanName");
      [cascade]/ROOT/WEB-INF/classes/com/hannonhill/cascade/config/spring/[xml files]
  7. Dispensing services
      com.hannonhill.cascade.model.service.ServiceProviderHolderBean
          ServiceProviderHolderBean.getServiceProvider().get___Service()
      [cascade]/ROOT/WEB-INF/classes/com/hannonhill/cascade/config/spring/applicationContextServices.xml
  8. Verify role with RoleService
      com.hannonhill.cascade.model.service.RoleService
          if (!roleService.userHasRoleByRolename(username, "Administrator")) {
              err = "Only Administrators can do that!";
          }
  9. A magical login bean
      com.hannonhill.cascade.view.struts.security.StrutsPerformLogin
          StrutsPerformLogin performLoginBean =
              (StrutsPerformLogin)appCtx.getBean("performLogin");
  10. ...and login!
          try {
              performLoginBean.login(request, response, wannabe);
          } catch (Exception e) {
              err = "<p>A problem occurred logging you in! "
                  + "Did you enter an incorrect username?</p>"
                  + " <a href=\"index.jsp\">Try again</a>";
          }
  11. Gotchas
      • Logs out the user if logged in elsewhere
      • No tracking or auditing of switch (yet?)
      • Once switched, actions attributed to new user
      • If you switch to non-admin, you can’t switch back!
  12. Where does the code go?
      • Create new directory inside Cascade install: [tomcat]/webapps/ROOT/pccCustom
      • https://myCMS/pccCustom/path
      • CMS login required!
      • Prevents loss during CMS upgrade / accidental overwrites of Cascade Server code
  13. Errors and logs
      • [tomcat]/logs/catalina.out
      • [tomcat]/logs/cascade.log
      • [tomcat]/webapps/ROOT/WEB-INF/classes/default-logging.properties
  14. Free code!
      https://github.com/PimaCommunityCollege/user-switcher
      MIT license
  15. Questions?
      Leah Einecker, Pima Community College
      leinecker@pima.edu
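
The gotchas slide notes that a switch is not tracked or audited, and that later actions are attributed to the new user. The following is an added example, not code from the user-switcher repository: it gathers the checks from slides 4 and 8 into one decision that has to pass before the login call on slide 10, rejects an unexpected username instead of stripping characters from it, and writes an audit record while the administrator's identity is still known. The `RoleCheck` interface (a stand-in for RoleService), the logger name, the 64-character limit and the sample users are assumptions.

```java
import java.util.Set;
import java.util.logging.Logger;
import java.util.regex.Pattern;

public class SwitchAudit {
    /** Stand-in (assumption) for the role lookup the slides do with RoleService. */
    interface RoleCheck {
        boolean userHasRoleByRolename(String username, String rolename);
    }

    // Hypothetical logger name; route it to its own file in the logging config.
    private static final Logger AUDIT = Logger.getLogger("pccCustom.userSwitcher");

    // Same character class as slide 4, used to reject rather than rewrite input.
    // The length limit of 64 is an assumption.
    private static final Pattern VALID = Pattern.compile("[-\\w]{1,64}");

    /** Returns null when the switch may proceed, otherwise the error to display. */
    static String authorizeSwitch(RoleCheck roles, String actor, String wannabe, String from) {
        if (actor == null) {
            return "CMS login required!";
        }
        if (wannabe == null || !VALID.matcher(wannabe).matches()) {
            // The raw value is not logged, so it cannot forge audit lines.
            AUDIT.warning("switch refused actor=" + actor + " reason=bad-username from=" + from);
            return "Invalid username";
        }
        if (!roles.userHasRoleByRolename(actor, "Administrator")) {
            AUDIT.warning("switch refused actor=" + actor + " target=" + wannabe
                    + " reason=not-admin from=" + from);
            return "Only Administrators can do that!";
        }
        // Logged before the login call: afterwards the session belongs to the
        // target account and nothing links it back to the administrator.
        AUDIT.info("switch allowed actor=" + actor + " target=" + wannabe + " from=" + from);
        return null;
    }

    public static void main(String[] args) {
        Set<String> admins = Set.of("admin1");            // constructed sample data
        RoleCheck roles = (user, role) ->
                "Administrator".equals(role) && admins.contains(user);
        System.out.println(authorizeSwitch(roles, "admin1", "jdoe", "10.0.0.5"));
        System.out.println(authorizeSwitch(roles, "jdoe", "admin1", "10.0.0.5"));
        System.out.println(authorizeSwitch(roles, "admin1", "j!doe\n", "10.0.0.5"));
    }
}
```

In doSwitch.jsp the call would sit just before `performLoginBean.login(request, response, wannabe)`, with `actor` taken from the session's LoginInformationBean and `from` from `request.getRemoteAddr()`.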