User Switcher for Cascade Server


Pima Community College has created a User Switcher tool that allows Cascade Server administrators to log in as another user without a password. Learn how the User Switcher works and how you can use it in your own CMS!

Published in: Technology

  1. User Switcher for Cascade Server. Leah Einecker, Pima Community College
  2. Why?
       • Verifying permissions / user setup
       • User support
       • General awesomeness
  3. The easy part
       <form method="POST" action="doSwitch.jsp">
         Who do you want to be today?<br />
         <input type="text" name="wannabe" />
         <input type="submit" value="Go" />
       </form>
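  4. Check the submitted data
       String wannabe = request.getParameter("wannabe");
       if (wannabe == null) {
           response.sendRedirect("index.jsp");
           return;  // sendRedirect does not stop the page; without this the next line throws a NullPointerException
       }
       /* dunno what happens if you try to log in as username "!@$#!''%%--!#". */
       // Strip everything except word characters and hyphens.
       wannabe = wannabe.replaceAll("[^-\\w]", "");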
  5. Check the user: LoginInformationBean
       LoginInformationBean loginInfoBean =
           (LoginInformationBean) session.getAttribute("user");
       String username = loginInfoBean.getUsername();
  6. Dispensing beans: org.springframework.context.ApplicationContext
       ApplicationContext appCtx =
           WebApplicationContextUtils.getWebApplicationContext(
               pageContext.getServletContext());
       appCtx.getBean("myBeanName");
     [cascade]/ROOT/WEB-INF/classes/com/hannonhill/cascade/config/spring/[xml files]
  7. Dispensing services: com.hannonhill.cascade.model.service.ServiceProviderHolderBean
       ServiceProviderHolderBean.getServiceProvider().get___Service()
     [cascade]/ROOT/WEB-INF/classes/com/hannonhill/cascade/config/spring/applicationContextServices.xml
  8. Verify role with RoleService: com.hannonhill.cascade.model.service.RoleService
       if (!roleService.userHasRoleByRolename(username, "Administrator")) {
           err = "Only Administrators can do that!";
       }
  9. A magical login bean: StrutsPerformLogin
       StrutsPerformLogin performLoginBean =
           (StrutsPerformLogin) appCtx.getBean("performLogin");
  10. ...and login!
       try {
           performLoginBean.login(request, response, wannabe);
       } catch (Exception e) {
           // Quotes inside the link markup must be escaped in a Java string.
           err = "<p>A problem occurred logging you in! "
               + "Did you enter an incorrect username?</p>"
               + " <a href=\"index.jsp\">Try again</a>";
       }
  11. Gotchas
       • Logs out the user if logged in elsewhere
       • No tracking or auditing of switch (yet?)
       • Once switched, actions attributed to new user
       • If you switch to non-admin, you can't switch back!
  12. Where does the code go?
       • Create new directory inside Cascade install: [tomcat]/webapps/ROOT/pccCustom
       • https://myCMS/pccCustom/path
       • CMS login required!
       • Prevents loss during CMS upgrade / accidental overwrites of Cascade Server code
  13. Errors and logs
       • [tomcat]/logs/catalina.out
       • [tomcat]/logs/cascade.log
       • [tomcat]/webapps/ROOT/WEB-INF/classes/
  14. Free code! MIT license
  15. Questions? Leah Einecker, Pima Community College
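
The checks from slides 4, 8 and 10 put in a fixed order, with the audit record that slide 11 notes is missing. This is an added example, not code from the slides or from Cascade Server. `SwitchGuard`, the `audit` list and the sample users are hypothetical, and the `BiPredicate` and `Consumer` stand in for `roleService.userHasRoleByRolename` and `performLoginBean.login`. It goes beyond the slides in one respect: a username outside the allowed character set is rejected rather than stripped, so a mistyped name cannot resolve to a different account.

```java
import java.time.Instant;
import java.util.*;
import java.util.function.BiPredicate;
import java.util.function.Consumer;
import java.util.regex.Pattern;

public class SwitchGuard {
    // Same character set the slide's replaceAll keeps (word characters and '-'),
    // but a non-matching name is rejected instead of being silently rewritten.
    private static final Pattern USERNAME = Pattern.compile("[-\\w]{1,64}");

    private final BiPredicate<String, String> hasRole; // stand-in for roleService.userHasRoleByRolename
    private final Consumer<String> login;              // stand-in for performLoginBean.login
    final List<String> audit = new ArrayList<>();      // stand-in for an append-only audit log

    SwitchGuard(BiPredicate<String, String> hasRole, Consumer<String> login) {
        this.hasRole = hasRole;
        this.login = login;
    }

    /** Returns null when the switch was performed, otherwise the error to display. */
    String switchUser(String actor, String wannabe) {
        if (actor == null) return "CMS login required!";
        if (wannabe == null || !USERNAME.matcher(wannabe).matches()) {
            audit.add(Instant.now() + " DENY actor=" + actor + " reason=bad-username");
            return "Invalid username.";
        }
        if (!hasRole.test(actor, "Administrator")) {
            audit.add(Instant.now() + " DENY actor=" + actor + " target=" + wannabe);
            return "Only Administrators can do that!";
        }
        // Record who switched to whom before the session changes identity.
        audit.add(Instant.now() + " SWITCH actor=" + actor + " target=" + wannabe);
        login.accept(wannabe);
        return null;
    }

    public static void main(String[] args) {
        Set<String> admins = Set.of("alice");           // constructed sample data
        List<String> loggedIn = new ArrayList<>();
        SwitchGuard g = new SwitchGuard(
            (user, role) -> role.equals("Administrator") && admins.contains(user), loggedIn::add);
        System.out.println(g.switchUser("alice", "bob"));       // administrator, valid target
        System.out.println(g.switchUser("bob", "alice"));       // non-administrator
        System.out.println(g.switchUser("alice", "bo b\nx"));   // disallowed characters
        g.audit.forEach(System.out::println);
    }
}
```

Only validated usernames reach the audit lines, so a submitted value containing line breaks cannot forge a log entry.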