spring security（3.0.x）和用户模仿 [英] spring security (3.0.x) and user impersonation

问题描述

在我的网络应用程序中，有时经过身份验证的管理员可能想要冒充系统的另一个有效用户而无需知道该用户的密码。

In my web application, there are times when an authenticated admin might want to impersonate another valid user of a system without having to know that user's password.

怎么能我使用Spring Security为管理员用户提供冒充系统正常（非管理员）用户的能力吗？

How can I use Spring Security to give admin users the ability to impersonate normal (non-admin) users of the system?

Spring Security文档对此保持沉默，我可以'什么都找不到。当然有人必须解决这个问题。

The Spring Security documentation is silent on this and I can't find anything anywhere. Surely someone must have solved this.

谢谢！

推荐答案

这是在 Spring Security 3 中 Spring Security 4 文档恰如其分地命名， 运行身份验证替换。

It's in the Spring Security 3 and Spring Security 4 docs aptly named, "Run-As Authentication Replacement."

AbstractSecurityInterceptor能够在安全对象回调期间临时替换SecurityContext和SecurityContextHolder中的Authentication对象阶段。

The AbstractSecurityInterceptor is able to temporarily replace the Authentication object in the SecurityContext and SecurityContextHolder during the secure object callback phase.

这篇关于spring security（3.0.x）和用户模仿的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！