
How to implement an impersonation feature?

If you have used GitLab, it has an impersonation feature where, if your user has the 'owner' role, they can 'impersonate' any user that has been created on the system by clicking a button and see what they see.

I would like to understand how one can implement a feature like that. What is the software design / architecture for it?

I am planning to design and implement this functionality in Java, Spring and Tomcat using server-side sessions, and would prefer to roll out my own impersonation feature instead of using a library.

If you want a specific solution that GitLab implemented in Ruby, you could take a look at the commit that introduced the feature: Commit 3bb626f9 - refactor login as to be impersonation with better login/logout

Please note that the security issue introduced in this commit was later fixed: GitLab Blog Post - Critical Security Release for GitLab 8.2 through 8.7

Otherwise, I think this question is too broad. I need some more details - Framework, Current Authentication mechanism, etc.

EDIT: I do not know Java Spring framework too well, but these links may help you:

  1. spring security (3.0.x) and user impersonation
  2. How to do impersonation in spring
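
One way to structure this with server-side session state, added here as an example and not taken from GitLab's commit or from the answer above: the session keeps the acting user and, while impersonating, the original user's id so it can be restored and audited. A plain `Map` stands in for the servlet session attributes, and the attribute names, the `User` record and the `owner` role string are assumptions (Java 16+ for records).

```java
import java.util.*;

public class ImpersonationDemo {
    // Hypothetical session attribute names; the Map models HttpSession attributes.
    static final String USER = "currentUserId";
    static final String IMPERSONATOR = "impersonatorId";

    record User(String id, Set<String> roles) {}

    // Stand-in for a durable audit trail (constructed for this example).
    static final List<String> auditLog = new ArrayList<>();

    static void start(Map<String, Object> session, User actor, User target) {
        // The actor must be the user this session was authenticated as.
        if (!actor.id().equals(session.get(USER)))
            throw new SecurityException("actor is not the session user");
        // No nesting: an impersonated identity must not be used to impersonate again.
        if (session.containsKey(IMPERSONATOR))
            throw new SecurityException("already impersonating; stop first");
        // Authorize on the real user's role, checked server-side on every start.
        if (!actor.roles().contains("owner"))
            throw new SecurityException("only owners may impersonate");
        session.put(IMPERSONATOR, actor.id());
        session.put(USER, target.id());
        // In a servlet container, also rotate the session id here
        // (HttpServletRequest.changeSessionId()).
        auditLog.add(actor.id() + " started impersonating " + target.id());
    }

    static void stop(Map<String, Object> session) {
        Object original = session.remove(IMPERSONATOR);
        if (original == null) throw new IllegalStateException("not impersonating");
        auditLog.add(original + " stopped impersonating " + session.get(USER));
        session.put(USER, original); // restore the real identity
    }

    public static void main(String[] args) {
        User owner = new User("alice", Set.of("owner"));      // constructed sample users
        User bob = new User("bob", Set.of("developer"));
        Map<String, Object> session = new HashMap<>(Map.of(USER, "alice"));
        start(session, owner, bob);
        System.out.println("during: " + session);
        stop(session);
        System.out.println("after:  " + session);
        Map<String, Object> bobSession = new HashMap<>(Map.of(USER, "bob"));
        try { start(bobSession, bob, owner); }                // non-owner is refused
        catch (SecurityException e) { System.out.println("refused: " + e.getMessage()); }
        auditLog.forEach(System.out::println);
    }
}
```

While `impersonatorId` is present, views can show a banner with a "stop impersonating" action, and audit records for actions taken can carry both ids.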
