mshabarov
commented
3 days ago This sounds to me more like an enhancement, however, we have to double check our integration with Spring Security, maybe there is something blocking this feature to work.
Open tbee opened 4 days ago
mshabarov
commented
3 days ago This sounds to me more like an enhancement, however, we have to double check our integration with Spring Security, maybe there is something blocking this feature to work.
tbee
commented
3 days ago Assuming the integration with Spring security is supposed to encompass all standard functionality, than this should be supported IMHO.
Description of the bug
Spring offers a default way of an administrator impersonating a regular user. This seems not to work on Vaadin-on-Spring because Authorization seems not to be setup yet in the start-impersonating request. More here https://vaadin.com/forum/t/how-to-do-impersonation-using-spring-security/167804
Expected behavior
Well, it should work 😄
Minimal reproducible example
On a Vaadin-on-Spring application with Spring security and login enabled: configure the SwitchUserServlet as per one of the many examples, preferable on GET (which makes test easier) and attempt an impersonation. Probably VaadinAwareSecurityContextHolderStrategy should be set as the strategy on the filter (but won't fix the problem).
https://stackoverflow.com/questions/72378146/user-impersonation-with-spring-security
Versions