This blog describes a different approach to implementing impersonation in portal applications. Impersonation, as we know, is a Portlet service that lets a user (A) access the portal application as another user (B) by logging in as him or her (B). The out-of-the-box Impersonation Portlet provided by WebSphere Portal lacks the flexibility and customization features needed for application-specific requirements.
There are 2 steps in implementing our custom impersonation Portlet:
i) Creating a Portlet and implementing impersonation in the action phase:
The following snippet uses Spring Portlet MVC annotations. The Impersonation Service provided by WebSphere Portal has two impersonate methods. We use the one whose parameters are PortletRequest, PortletResponse and userDN. The first two parameters can be obtained in the action phase, while the userDN is retrieved from LDAP by passing the userID (of the user whom we are going to impersonate) to the PUMA services.
The following is the sequence of getting a userDN using the userId:
- Create an Object Map with the key “uid” and the userId as its value.
- Use PumaLocator’s findUsersByQuery(query) to get the com.ibm.portal.um.User list, where query is a string containing user attributes in a specific format, e.g. –> = ‘wpadmin’ and uid = ‘userId’.
- Get the userDN by invoking the getIdentifier method of PumaProfile, passing the com.ibm.portal.um.User object retrieved above, as shown below.
The Portlet is then deployed to the WebSphere Portal server in the usual manner and added to a new page. We are not going to use this page in our application, but we export it using XmlAccess to get the details about the impersonation Portlet it holds.
ii) Use XmlAccess and invoke the action phase of the Portlet:
This step involves invoking the action phase of the Portlet from the theme. The theme holds the link which, when clicked, invokes the action method of the Portlet. A good approach is to have a drop-down list containing the sub-users of the logged-in super-user (for example, a logged-in parent user can have a list of his or her children). The list can be populated from a service that returns the sub-users (user B) for a given super-user (user A).
The page containing the impersonation Portlet created above is exported as an xml file using XmlAccess in Portal Administration, as shown below.
Export the Page as Xml –
Make the following changes to the exported xml file:
1) Search for the <component> tag which contains <portletinstance> in the exported xml file. Change the value of the attribute called “uniquename”. Provide a unique value since this will be used in themes later. The sample snippet of the exported xml to modify is shown below.
2) Import the modified xml file as shown below.
User and group permissions to modify –
- The super-user (user A) should be added to a SuperUser group.
- The SuperUser group should have the following roles:
  - Can Run as User
  - User
  - Delegator
Invoke the action phase from themes –
Now that our impersonation Portlet is implemented and modified to hold a unique name, we have to invoke the action phase of the Portlet, which holds the impersonation implementation. The <portal-navigation:urlGeneration> tag provided by WebSphere Portal creates URLs to pages or portlets. We use this feature to invoke the impersonation Portlet by passing the userId (sub-user: “userB”) which is to be impersonated, as shown below.
Thus, on clicking the hypertext reference (href), we invoke the action phase, which implements the impersonation for the user it receives as a parameter. The above implementation helps us create a custom and flexible impersonation implementation in a Portal application.
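Because the action phase takes the userId from a URL parameter and places it in the PUMA query, it should validate that value and confirm it is one of the logged-in super-user's sub-users before the lookup. The checks below are an added example, not code from the original post; the class name, the userId pattern and the `subUsers` map are assumptions, and the query follows the uid = 'userId' form quoted earlier.

```java
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

/** Added example: checks to run in the action phase before the PUMA lookup. */
public class ImpersonationRequestGuard {
    // Assumption: user IDs are 1-64 letters, digits, '.', '_' or '-'.
    // Quotes, spaces or operators could change the meaning of the query string.
    private static final Pattern USER_ID = Pattern.compile("[A-Za-z0-9._-]{1,64}");

    /**
     * Returns the findUsersByQuery string, or throws if the request must stop.
     * loggedInUser comes from the authenticated session, never from a parameter;
     * subUsers is a hypothetical lookup of super-user uid -> permitted sub-users.
     */
    public static String buildUidQuery(String loggedInUser, String requestedUser,
                                       Map<String, Set<String>> subUsers) {
        if (requestedUser == null || !USER_ID.matcher(requestedUser).matches()) {
            throw new IllegalArgumentException("malformed userId parameter");
        }
        Set<String> allowed = subUsers.getOrDefault(loggedInUser, Set.of());
        if (!allowed.contains(requestedUser)) {
            throw new SecurityException(loggedInUser + " may not impersonate " + requestedUser);
        }
        return "uid = '" + requestedUser + "'";
    }

    /** Impersonate only when the lookup resolved to exactly one user. */
    public static <U> U requireSingleMatch(List<U> users) {
        if (users == null || users.size() != 1) {
            throw new IllegalStateException("expected exactly one matching user");
        }
        return users.get(0);
    }

    public static void main(String[] args) {
        // Constructed sample data: userA may impersonate userB and userC only.
        Map<String, Set<String>> subUsers = Map.of("userA", Set.of("userB", "userC"));
        System.out.println(buildUidQuery("userA", "userB", subUsers));
        for (String bad : new String[] {"wpadmin", "userB'"}) {
            try {
                buildUidQuery("userA", bad, subUsers);
            } catch (RuntimeException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

In the Portlet, the string returned by `buildUidQuery` would be passed to findUsersByQuery and the resulting list to `requireSingleMatch` before getIdentifier is called.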