Hi, I am trying again to implement user impersonation in Flex+Spring web app. We don't use Spring Boot, and recently upgraded to the latest Spring 4.3 (and SpringSecurity 4.1.3) and started using deep linking.
I tried to follow that way: http://www.disasterarea.co.uk/blog/user-impersonation-with-spring-security/ But we do not have separate URLs (have Flex modules - one for regular users, one for admins), and each user has 1 role. So when I login from AdminGUI (as admin1), select user1 and click on Impersonate button, it just goes through "channelset already authenticated" and logs me back in as user admin1, instead of user1. Should I try to use URL fragments in spring-security-config or it doesn't matter? Something like: <beans:bean id="switchUserProcessingFilter" class="org.springframework.security.web.authentication.switchuser.SwitchUserFilter"> <beans:property name="userDetailsService" ref="customAuthenticationProvider"/> <beans:property name="switchUserUrl" value="/admin/impersonate"/> <beans:property name="targetUrl" value="/cre/CRE.html"/> <beans:property name="switchFailureUrl" value="/admin/switchUser"/> </beans:bean> At the moment those URLs (except targetUrl) are not in use. Please advise. TIA, Oleg. -- View this message in context: http://apache-flex-users.2333346.n4.nabble.com/User-impersonation-in-Spring-Security3-Flex-web-app-tp12968p13984.html Sent from the Apache Flex Users mailing list archive at Nabble.com.
