Foren
Impersonation (via API) and Pages
Chris Chan, geändert vor 12 Jahren.
Impersonation (via API) and Pages
Junior Member Beiträge: 39 Beitrittsdatum: 23.07.10 Neueste Beiträge
Hi,
I have developed a custom portlet that displays a list of users and when selecting a user from the list, would allow the main user to impersonate the selected user.
The following code is how I have coded this part in the portlet:
This method is being referenced as a portlet:actionURL in my jsp's form.
Now this works when I've selected a user and it indeed impersonates the user, but when navigating to another page, the impersonation does not persist and it reverts back to the real user.
Is there something else that I need to do using the API to do proper full-blown impersonation?
Thanks,
Chris
I have developed a custom portlet that displays a list of users and when selecting a user from the list, would allow the main user to impersonate the selected user.
The following code is how I have coded this part in the portlet:
public void changeUser(ActionRequest actionRequest, ActionResponse actionResponse) throws Exception {
//Get the selected Impersonated user ID from the form
long impUserId = ParamUtil.getInteger(actionRequest, "impUserId");
//Get the current instance's company to help build the URL for impersonation
ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(WebKeys.THEME_DISPLAY);
themeDisplay.setUser(UserLocalServiceUtil.getUser(impUserId));
Company company = themeDisplay.getCompany();
String companyUrl = company.getHomeURL();
String doAsURL = company.getHomeURL();
//Encrypt the selected impersonated user's ID
String encDoAsUserId = Encryptor.encrypt(company.getKeyObj(), String.valueOf(impUserId));
//Redirect the user to the impersonation URL
actionResponse.sendRedirect(doAsURL, encDoAsUserId);
}
This method is being referenced as a portlet:actionURL in my jsp's form.
Now this works when I've selected a user and it indeed impersonates the user, but when navigating to another page, the impersonation does not persist and it reverts back to the real user.
Is there something else that I need to do using the API to do proper full-blown impersonation?
Thanks,
Chris
Chris Chan, geändert vor 12 Jahren.
RE: Impersonation (via API) and Pages
Junior Member Beiträge: 39 Beitrittsdatum: 23.07.10 Neueste Beiträge
Just looking into this a little more, I see that the ThemeDisplay has the following method defined:
A couple of questions around this:
1. Do I just need to call this and the user will then begin to impersonate?
2. Is the doAsUserId string value that's being passed in the encrypted userId? I assume so, but the javadocs don't provide any information.
Thanks in advance!
Chris
public void setDoAsUserId(String doAsUserId)A couple of questions around this:
1. Do I just need to call this and the user will then begin to impersonate?
2. Is the doAsUserId string value that's being passed in the encrypted userId? I assume so, but the javadocs don't provide any information.
Thanks in advance!
Chris
Chris Chan, geändert vor 12 Jahren.
RE: Impersonation (via API) and Pages
Junior Member Beiträge: 39 Beitrittsdatum: 23.07.10 Neueste Beiträge
Ok, so I've figured it out and just putting how I got this working for future reference.
Essentially, in order to impersonate a user in Liferay via the API, you need to first have the userId and the companyId of the person being impersonated.
From there, you need to encrypt the userId which can be done by doing something similar to:
[codeString encDoAsUserId = Encryptor.encrypt(company.getKeyObj(), String.valueOf(oboId));]
where Encryptor is from com.liferay.util.Encryptor
Once you have the encrypted userId, you update the ThemeDisplay as follows:
It's as simple as that.
I wish there was some more documentation around this.
I also got some of my initial information from this thread:
http://www.liferay.com/community/forums/-/message_boards/message/7228942
Hope this helps!
Essentially, in order to impersonate a user in Liferay via the API, you need to first have the userId and the companyId of the person being impersonated.
From there, you need to encrypt the userId which can be done by doing something similar to:
[codeString encDoAsUserId = Encryptor.encrypt(company.getKeyObj(), String.valueOf(oboId));]
where Encryptor is from com.liferay.util.Encryptor
Once you have the encrypted userId, you update the ThemeDisplay as follows:
themeDisplay.setDoAsUserId(encDoAsUserId);It's as simple as that.
I wish there was some more documentation around this.
I also got some of my initial information from this thread:
http://www.liferay.com/community/forums/-/message_boards/message/7228942
Hope this helps!
Vishnu S Kumar, geändert vor 5 Jahren.
RE: Impersonation (via API) and Pages
Regular Member Beiträge: 131 Beitrittsdatum: 28.07.17 Neueste Beiträge
I implemented a sample portlet using the same code you have given and got the following error when going to the impersonate URL.
Unable to impersonate 36173 because the string cannot be decrypted