Pima Community College has created a User Switcher tool that allows Cascade Server administrators to log in as another user without a password. Learn how the User Switcher works and how you can use it in your own CMS!
4. The easy part
<form method="POST" action="doSwitch.jsp">
Who do you want to be today?<br />
<input type="text" name="wannabe" />
<input type="submit" value="Go" />
</form>
5. Check the submitted data
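String wannabe = request.getParameter("wannabe");
if (wannabe == null)
{
    response.sendRedirect("index.jsp");
    return; // stop here, nothing below can run without a username
}
/*
dunno what happens if you try to log in as
username “!@$#!''%%--!#”.
*/
// keep only hyphens and word characters (letters, digits, underscore)
wannabe = wannabe.replaceAll("[^-\\w]", "");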
9. Verify role with RoleService
if (!roleService.userHasRoleByRolename(
username,"Administrator"
)){
err = "Only Administrators can do that!";
}
com.hannonhill.cascade.model.service.RoleService
11. ...and login !
try
{
    // log the current session in as the requested user, no password needed
    performLoginBean.login(request, response, wannabe);
}
catch (Exception e)
{
    err = "<p>A problem occurred logging you in! "
        + "Did you enter an incorrect username?</p>"
        + " <a href=\"index.jsp\">Try again</a>";
}
12. Gotchas
Logs out the user if logged in elsewhere
No tracking or auditing of switch (yet?)
Once switched, actions attributed to new user
If you switch to non-admin, you can’t switch back!
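One way to close the "no tracking or auditing" gap listed above, as an added example that is not part of PCC's User Switcher or of Cascade Server: write an audit record before the login call, while the administrator's identity is still known. The class, method and logger names are hypothetical, only standard Java is used, and where the log ends up depends on the Tomcat logging configuration.

```java
import java.time.Instant;
import java.util.Optional;
import java.util.logging.Logger;
import java.util.regex.Pattern;

// Hypothetical helper for illustration; not code from the User Switcher.
public class SwitchAudit {
    private static final Logger LOG = Logger.getLogger("pccCustom.userSwitcher");
    // Same characters the sanitising step on slide 5 keeps: hyphen plus \w.
    private static final Pattern USERNAME = Pattern.compile("[-\\w]{1,64}");

    // Reject rather than strip, so the name logged is exactly the name requested.
    static Optional<String> validTarget(String wannabe) {
        if (wannabe == null || !USERNAME.matcher(wannabe).matches()) {
            return Optional.empty();
        }
        return Optional.of(wannabe);
    }

    // Replace control characters so a field cannot forge extra log lines.
    static String clean(String field) {
        return field == null ? "-" : field.replaceAll("\\p{Cntrl}", "_");
    }

    static String auditLine(Instant when, String admin, String target, String addr) {
        return String.format("user-switch time=%s admin=%s target=%s addr=%s",
                when, clean(admin), clean(target), clean(addr));
    }

    // Call immediately before performLoginBean.login(...): afterwards the
    // session belongs to the target user and actions are attributed to them.
    static boolean recordSwitch(String admin, String wannabe, String remoteAddr) {
        Optional<String> target = validTarget(wannabe);
        if (!target.isPresent()) {
            LOG.warning(auditLine(Instant.now(), admin, "REJECTED", remoteAddr));
            return false;
        }
        LOG.info(auditLine(Instant.now(), admin, target.get(), remoteAddr));
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample values.
        System.out.println(recordSwitch("jdoe-admin", "student42", "10.0.0.5"));
        System.out.println(recordSwitch("jdoe-admin", "bob\nadmin=root", "10.0.0.5"));
    }
}
```

In the JSP, the switch would proceed only when `recordSwitch` returns true, so every successful switch has a matching log entry naming the administrator who performed it.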
13. Where does the code go?
Create new directory inside Cascade install
[tomcat]/webapps/ROOT/pccCustom
https://myCMS/pccCustom/path
CMS login required!
Prevents loss during CMS upgrade / accidental overwrites of Cascade Server code