Enable user impersonation


Overview

The impersonation feature lets you access another user's system as though you were that user. It lets you view new pages, portlets, and other portal components. Users such as support specialists can use the impersonation feature to find issues and errors. For example, if a portal administrator has encountered a problem that he or she cannot resolve, a support specialist can enable the impersonation feature and access that portal administrator's system to determine a solution to the problem.

You can use the default Impersonation portlet to impersonate specific users. Alternatively, you can create a resource environment provider to enable impersonation and develop a custom portlet for impersonating users.

Portal Access Control provides the ability to impersonate other users. For this reason, assign the Can Run As User role to the user you plan to impersonate after you enable the impersonation feature.

Client side aggregation does not support user impersonation. For this reason, ensure you do not activate client side aggregation on any portal pages where the impersonation portlet is deployed.

When a user who is enabled for impersonation impersonates other users, the people awareness feature is disabled for the entire session for which that user is authenticated.

You cannot impersonate the currently logged-in user. In other words, a user cannot impersonate themselves.


Enable user impersonation

  1. Log on to the WebSphere Application Server or Network Deployment Administration Console and go to...

      Resources | Resource Environment | Resource Environment Providers | WP AuthenticationService | Custom Properties | New

  2. For Name, set...

      logout.explicit.filterchain

    For Value, set...

      com.ibm.wps.auth.impersonation.impl.ImpersonationLogoutFilter

  3. Click Apply and Save

  4. Navigate to...

  5. For Name:

      jndi.com.ibm.portal.portlet.service.impersonation.ImpersonationService

    For Value:

      com.ibm.wps.portletservice.impersonation.impl.ImpersonationServiceImpl

  6. Apply and Save

  7. Stop and restart the WebSphere_Portal server.

  8. If you migrated from a previous version of WebSphere Portal that was using the Impersonation portlet:

    1. Log on to WebSphere Portal as the administrator and go to...

        Web Modules | Administration | Install | Browse

      ...and navigate to...

        $PORTAL_HOME/ap/wp.ap.impersonation/installableApps/impersonation.war

    2. Click Next...

    3. If necessary, update the following fields:

      • Enterprise Application display name
      • Context root
      • Start application

    4. Click Finish

  9. If you do not want to use the WebSphere Portal Impersonation portlet, use the following sample to develop a portlet to impersonate users:

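      import java.io.IOException;

      import javax.naming.Context;
      import javax.naming.InitialContext;
      import javax.portlet.ActionRequest;
      import javax.portlet.ActionResponse;
      import javax.portlet.GenericPortlet;
      import javax.portlet.PortletException;

      import com.ibm.portal.portlet.service.PortletServiceHome;
      import com.ibm.portal.portlet.service.impersonation.ImpersonationService;

      public class MyImpersonationPortlet extends GenericPortlet
      {
          private PortletServiceHome psh;

          @Override
          public void init() throws PortletException
          {
              try
              {
                  // look up the home of the impersonation portlet service via JNDI
                  Context ctx = new InitialContext();
                  psh = (PortletServiceHome) ctx.lookup(ImpersonationService.JNDI_NAME);
              } catch (Exception ex)
              {
                  // fail initialization instead of leaving psh null
                  throw new PortletException("ImpersonationService lookup failed", ex);
              }
          }

          @Override
          public void processAction(ActionRequest request, ActionResponse response)
          throws PortletException, IOException
          {
              // DN of the user to impersonate; reading it from a request parameter
              // named "userDN" is an assumption made for this sample
              String stringuserDN = request.getParameter("userDN");
              try
              {
                  // obtain the service object and use the service
                  ImpersonationService impersonationService = (ImpersonationService)
                      psh.getPortletService(ImpersonationService.class);
                  impersonationService.doImpersonate(request, response, stringuserDN);
              } catch (Exception e)
              {
                  // surface the failure to the portlet container
                  throw new PortletException("Impersonation failed", e);
              }
          }
      }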
      
      

      You can enter the information for the user you want to impersonate in the stringuserDN. Alternatively, you can use the PUMA SPI User object.

      The impersonation feature becomes active with the next request.

  10. Assign the Can Run As User role to the appropriate user:

    1. Log on to WebSphere Portal as an administrator and go to...

        Administration | Access | User and Group Permissions | Users

    2. Search for the user you want to assign as Can Run As User.

    3. Click the Select Resource Type icon for the required user.

    4. Navigate to the page that contains the Virtual Resources option, using the Page Next button and click that link.

    5. Navigate to the page that contains the USERS option and click the Assign Access icon.

    6. Select the Explicitly Assign check box for the Can Run As User role.

    7. Click OK.

    8. Verify that the required user now has User and Can Run As User access.

The user(s) with the Can Run As User role can now impersonate another user.
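
To confirm what steps 1 through 7 left in the configuration, for example in a change review or an audit of which environments have impersonation switched on, the two custom properties can be checked offline. This is an added example, not IBM's code: it assumes an XML export in which each ResourceEnvironmentProvider element contains resourceProperties elements with name and value attributes, and the sample document, its namespace URI and the provider name "Provider B" are constructed.

```python
import xml.etree.ElementTree as ET

# Property names and values taken from steps 2 and 5 of the procedure above.
EXPECTED = {
    "logout.explicit.filterchain":
        "com.ibm.wps.auth.impersonation.impl.ImpersonationLogoutFilter",
    "jndi.com.ibm.portal.portlet.service.impersonation.ImpersonationService":
        "com.ibm.wps.portletservice.impersonation.impl.ImpersonationServiceImpl",
}

# Constructed sample, not a real export. Assumed layout: provider elements
# holding resourceProperties children with name/value attributes.
# "Provider B" and the namespace URI are placeholders.
SAMPLE = """<xmi:XMI xmlns:xmi="http://www.omg.org/XMI" xmlns:resources.env="http://example.invalid/resources.env">
  <resources.env:ResourceEnvironmentProvider name="WP AuthenticationService">
    <propertySet>
      <resourceProperties name="logout.explicit.filterchain"
        value="com.ibm.wps.auth.impersonation.impl.ImpersonationLogoutFilter"/>
    </propertySet>
  </resources.env:ResourceEnvironmentProvider>
  <resources.env:ResourceEnvironmentProvider name="Provider B">
    <propertySet>
      <resourceProperties name="jndi.com.ibm.portal.portlet.service.impersonation.ImpersonationService"
        value="com.example.OtherImpl"/>
    </propertySet>
  </resources.env:ResourceEnvironmentProvider>
</xmi:XMI>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]

def audit_impersonation(xml_text):
    """Return {property: (status, provider, value)} for each expected property."""
    report = {name: ("missing", None, None) for name in EXPECTED}
    for provider in ET.fromstring(xml_text).iter():
        if local(provider.tag) != "ResourceEnvironmentProvider":
            continue
        for prop in provider.iter():
            name = prop.get("name")
            if local(prop.tag) == "resourceProperties" and name in EXPECTED:
                value = (prop.get("value") or "").strip()
                status = "set" if value == EXPECTED[name] else "unexpected-value"
                report[name] = (status, provider.get("name"), value)
    return report

def impersonation_enabled(xml_text):
    """True only when both properties are present with the documented values."""
    return all(s == "set" for s, _, _ in audit_impersonation(xml_text).values())
```

The script searches every provider for the two property names, so it also reports which provider holds each one. An "unexpected-value" result is worth a manual look, since a different class on either property changes how impersonation sessions start or end.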

Parent: Users and groups

Related concepts

Controlling access
Auditing

Related tasks

Install a portlet

Related information

Users and groups

