diff --git a/core/src/main/java/org/acegisecurity/ui/switchuser/SwitchUserAuthorityChanger.java b/core/src/main/java/org/acegisecurity/ui/switchuser/SwitchUserAuthorityChanger.java
new file mode 100644
index 0000000000..a928fe6a47
--- /dev/null
+++ b/core/src/main/java/org/acegisecurity/ui/switchuser/SwitchUserAuthorityChanger.java
@@ -0,0 +1,30 @@
+package org.acegisecurity.ui.switchuser;
+
+import java.util.List;
+
+import org.acegisecurity.Authentication;
+import org.acegisecurity.GrantedAuthority;
+import org.acegisecurity.userdetails.UserDetails;
+
+/**
+ * Allows subclasses to modify the {@link GrantedAuthority} list that will be assigned to the principal
+ * when they assume the identity of a different principal.
+ *
+ *

Configured against the {@link SwitchUserProcessingFilter}. + * + * @author Ben Alex + * @version $Id$ + * + */ +public interface SwitchUserAuthorityChanger { + + /** + * Allow subclasses to add or remove authorities that will be granted when in switch user mode. + * + * @param targetUser the UserDetails representing the identity being switched to + * @param currentAuthentication the current Authentication of the principal performing the switching + * @param authoritiesToBeGranted all {@link GrantedAuthority} instances to be granted to the user, + * excluding the special "switch user" authority that is used internally (guaranteed never null) + */ + public void modifyGrantedAuthorities(UserDetails targetUser, Authentication currentAuthentication, List authoritiesToBeGranted); +} diff --git a/core/src/main/java/org/acegisecurity/ui/switchuser/SwitchUserProcessingFilter.java b/core/src/main/java/org/acegisecurity/ui/switchuser/SwitchUserProcessingFilter.java index fe785c26f2..79538f5109 100644 --- a/core/src/main/java/org/acegisecurity/ui/switchuser/SwitchUserProcessingFilter.java +++ b/core/src/main/java/org/acegisecurity/ui/switchuser/SwitchUserProcessingFilter.java @@ -115,6 +115,7 @@ public class SwitchUserProcessingFilter implements Filter, InitializingBean, App private String exitUserUrl = "/j_acegi_exit_user"; private String switchUserUrl = "/j_acegi_switch_user"; private String targetUrl; + private SwitchUserAuthorityChanger switchUserAuthorityChanger; // ~ Instance fields // ======================================================== 
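Review bot: The Javadoc on `modifyGrantedAuthorities` in the new SwitchUserAuthorityChanger interface does not say how a change takes effect: the method returns void, so the only channel is mutating `authoritiesToBeGranted` in place, and the contract should state that the list passed in is modifiable. Both comments also speak of "subclasses" although this is an interface, so "implementations" is the accurate word. Because an implementation can add authorities the target user does not hold, I would add a sentence such as `Implementations determine the privileges held while impersonating and should be reviewed as privilege-granting code.`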
@@ -277,6 +278,11 @@ public class SwitchUserProcessingFilter implements Filter, InitializingBean, App // get the original authorities List orig = Arrays.asList(targetUser.getAuthorities()); + // Allow subclasses to change the authorities to be granted + if (switchUserAuthorityChanger != null) { + switchUserAuthorityChanger.modifyGrantedAuthorities(targetUser, currentAuth, orig); + } + // add the new switch user authority List newAuths = new ArrayList(orig); newAuths.add(switchAuthority); @@ -460,4 +466,12 @@ public class SwitchUserProcessingFilter implements Filter, InitializingBean, App return uri; } + + /** + * @param switchUserAuthorityChanger to use to fine-tune the authorities granted to subclasses (may be null if + * SwitchUserProcessingFilter shoudl not fine-tune the authorities) + */ + public void setSwitchUserAuthorityChanger(SwitchUserAuthorityChanger switchUserAuthorityChanger) { + this.switchUserAuthorityChanger = switchUserAuthorityChanger; + } }
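Review bot: `orig` is the fixed-size view returned by `Arrays.asList(...)`, so at the added call `switchUserAuthorityChanger.modifyGrantedAuthorities(targetUser, currentAuth, orig)` an implementation that calls `add` or `remove` gets an `UnsupportedOperationException`, while `set` writes through to the array returned by `targetUser.getAuthorities()`. If that array is the `UserDetails` object's own (not visible in this hunk), the target user's stored authorities would change beyond this one switch. Passing a copy avoids both problems: `List orig = new ArrayList(Arrays.asList(targetUser.getAuthorities()));`. The enclosing method begins and ends outside the hunk.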
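Review bot: The `@param` text on `setSwitchUserAuthorityChanger` says the authorities are "granted to subclasses", which does not describe what the changer affects, and it misspells "should" as "shoudl". I would reword it to `@param switchUserAuthorityChanger used to fine-tune the authorities granted in switch user mode (may be null if SwitchUserProcessingFilter should not fine-tune the authorities)`.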