How to make an app to impersonate a user

[tab:Actions]

Requirements

 

To use the su service, the application must have the canDisguise attribute, which can be enabled with the updateApp web service, located in the appsadmin package of xadmin.

 

Make an app to impersonate a user

 

In some integration projects it may be necessary to operate on content or folders while preserving the identity of THRON users. This is possible thanks to the su web service of the apps package, which is located in xadmin. This service lets applications impersonate business users, so that they can invoke specific web services and apply changes to content or folders. All audit records generated by these requests are ascribed to the user impersonated by the application.

Required parameters to be included in the body of the request are:

  • clientId: compiled using the service code name (usually the company name).
  • appId: the identification code of the application you want to use to impersonate a business user; it can be obtained by using the appsList web service of xadmin.
  • username: the username of the business user you want the app to impersonate.
  • appKey: the application's secret key, which must be provided (if enabled) in order to authenticate.

 

Special case: integration with AD Connector

 

If the integration with Active Directory has been enabled through the dedicated application available in the Marketplace, you must pay particular attention when using the "su" command to impersonate synchronized users. AD has its own usernames, managed by rules different from those used by THRON: in particular, they may change over time and can be deleted and recreated. When creating THRON users, AD Connector tries to make the THRON username equal to the AD username; however, if that THRON username is already taken, it creates a different THRON username and links it to the AD username.

For this reason, before invoking "su" for usernames linked to AD users, you should invoke findByProperties to extract all THRON usernames related to the desired AD user and select the one to be used by the application.
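Added example (not part of the original article and not THRON's code): choosing the THRON username for an AD user and building the su request body, refusing to guess when the lookup is ambiguous. It assumes the candidate usernames were already extracted from a findByProperties response; the function names and the pinned map are hypothetical, and https is used on the assumption that the endpoint is served over TLS.

```python
import json
import re

# clientId goes into the host name: accept only a DNS label so the appKey cannot be sent elsewhere.
_LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?", re.IGNORECASE)


def select_thron_username(ad_username, candidates, pinned=None):
    """Choose the THRON username to impersonate for one AD user.
    candidates: THRON usernames taken from a findByProperties lookup (assumed
    input). pinned: hypothetical operator-kept {AD username: THRON username}.
    """
    unique = sorted(set(candidates))
    if not unique:
        raise LookupError(f"no THRON user linked to AD user {ad_username!r}")
    if len(unique) == 1:
        return unique[0]
    choice = (pinned or {}).get(ad_username)
    if choice in unique:
        return choice
    # Fail closed: a guess would ascribe the audit trail to the wrong person.
    raise LookupError(f"ambiguous THRON users for {ad_username!r}: {unique}")


def build_su_request(client_id, app_id, username, app_key=None):
    """Return (url, headers, body_bytes) for the su call."""
    if not _LABEL.fullmatch(client_id):
        raise ValueError("clientId is not a valid host name label")
    if not app_id or not username:
        raise ValueError("appId and username are required")
    body = {"clientId": client_id, "appId": app_id, "username": username}
    if app_key is not None:  # appKey is only needed when enabled for the app
        body["appKey"] = app_key
    url = f"https://{client_id}-view.thron.com/api/xadmin/resources/apps/su"
    return url, {"Content-Type": "application/json"}, json.dumps(body).encode()


def redact_for_log(body_bytes):
    """Return the request body as a dict with the appKey masked for logging."""
    body = json.loads(body_bytes)
    if "appKey" in body:
        body["appKey"] = "***"
    return body


if __name__ == "__main__":
    # Constructed sample values, not real THRON data.
    user = select_thron_username("jdoe", ["jdoe_1", "jdoe"], {"jdoe": "jdoe_1"})
    print(redact_for_log(build_su_request("acme", "app-1", user, "secret")[2]))
```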

[/tab] [tab:Code Samples] [dropdown:REST - MAKE AN APP PERSONIFY A USER USING "SU"]

You can test this functionality in our Developer Center.

In the body of the request you can paste this JSON, filling in the required parameters.


{
    "clientId": "",
    "appId": "",
    "username": "",
    "appKey": ""
}    

[/dropdown] [dropdown:JAVA - MAKE AN APP PERSONIFY A USER USING "SU"]


import it.newvision.nvp.xadmin.services.model.request.MAppssuReq;
import it.newvision.nvp.xadmin.services.rest.JAppsClient;
import org.codehaus.jackson.map.ObjectMapper;


/**
 * Created by THRON s.p.a. on 18/12/14.
 */
public class app_su {

 public static void main(String[] args) {

  /* Setup: replace the placeholders with your own values */
  String clientId = "<YOUR_CLIENTID_HERE>";
  String appId = "<APP_ID_HERE>";
  String suUserName = "<USERNAME_HERE>";
  String appKey = "<APP_KEY_HERE>";
  // JSON mapper used to print the result
  ObjectMapper mapper = new ObjectMapper();
  try {
   // use HTTPS so that the appKey is not sent in clear text
   JAppsClient login = new JAppsClient("https://" + clientId + "-view.thron.com/api/xadmin/resources");
   // build the su request
   MAppssuReq param = new MAppssuReq();
   // set the request parameters
   param.setAppId(appId);
   param.setClientId(clientId);
   param.setUsername(suUserName);
   param.setAppKey(appKey);
   String ris = login.su(null, param, null);
   // result returned by THRON
   System.out.println(mapper.writeValueAsString(ris));
  } catch (Exception e) {
   // error returned by THRON or by the client
   System.out.println(e);
  }
 }
}    

[/dropdown] [dropdown:PHP - MAKE AN APP PERSONIFY A USER USING "SU"]


<?php
// #########################################
// CONFIG
// #########################################
// client
$client_idTHRON = '<YOUR_CLIENTID_HERE>';
// username
$username = "<USERNAME_HERE>";
// appid
$app_id = '<APP_ID_HERE>';
// appKey
$app_key = '<APP_KEY_HERE>';
// #########################################
// MAIN
// #########################################
// use HTTPS so that the appKey is not sent in clear text
$url = "https://" . $client_idTHRON . "-view.thron.com/api/xadmin/resources/apps/su";
$body = array(
    "clientId" => $client_idTHRON,
    "appId" => $app_id,
    "username" => $username,
    "appKey" => $app_key
);
$header = array(
    "Content-Type: application/json"
);
// echo $body;
$request = json_encode($body);
$curl = curl_init($url);
curl_setopt($curl, CURLOPT_HEADER, true);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_HTTPHEADER, $header);
curl_setopt($curl, CURLOPT_POSTFIELDS, $request);
$curlRes = curl_exec($curl);
// echo $curlRes;
$curlResInfo = curl_getinfo($curl);
curl_close($curl);
$resHeadersString = substr($curlRes, 0, $curlResInfo['header_size']);
$token = substr($curlRes, $curlResInfo['header_size']);
// #########################################
// output
echo "<br />Result:<br />";
print_r($token);
?>    

[/dropdown][/tab]
