    public class SwitchUserFilter
    extends org.springframework.web.filter.GenericFilterBean
    implements org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.MessageSourceAware
    Switch User processing filter responsible for user context switching.

    This filter is similar to Unix 'su', but for Spring Security-managed web applications. A common use case for this feature is to allow higher-authority users (e.g. ROLE_ADMIN) to switch to a regular user (e.g. ROLE_USER).

    This filter assumes that the user performing the switch will be required to be logged in as normal (i.e. as a ROLE_ADMIN user). The user will then access a page/controller that enables the administrator to specify who they wish to become (see switchUserUrl).

    Note: This URL will be required to have appropriate security constraints configured so that only users of that role can access it (e.g. ROLE_ADMIN).

    On a successful switch, the user's SecurityContext will be updated to reflect the specified user and will also contain an additional SwitchUserGrantedAuthority which contains the original user. Before switching, a check will be made on whether the user is already currently switched, and any current switch will be exited to prevent "nested" switches.

    To 'exit' from a user context, the user needs to access a URL (see exitUserUrl) that will switch back to the original user as identified by the ROLE_PREVIOUS_ADMINISTRATOR.

    To configure the Switch User Processing Filter, create a bean definition for the Switch User processing filter and add it to the filterChainProxy. Note that the filter must come after the FilterSecurityInterceptor in the chain, in order to apply the correct constraints to the switchUserUrl. Example:

      <bean id="switchUserProcessingFilter" class="">
        <property name="userDetailsService" ref="userDetailsService" />
        <property name="switchUserUrl" value="/login/impersonate" />
        <property name="exitUserUrl" value="/logout/impersonate" />
        <property name="targetUrl" value="/index.jsp" />
      </bean>

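
    The same setup in Java configuration, as an added example rather than Spring Security's own code. It assumes Spring Security 5.x on the `javax.servlet` API; the class name `ImpersonationConfig` and the policy of refusing switches into ROLE_ADMIN accounts are illustrative assumptions.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AccountStatusUserDetailsChecker;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.userdetails.UserDetailsChecker;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.switchuser.SwitchUserFilter;

@Configuration
public class ImpersonationConfig { // hypothetical class name

    @Bean
    public SwitchUserFilter switchUserFilter(UserDetailsService userDetailsService) {
        SwitchUserFilter filter = new SwitchUserFilter();
        filter.setUserDetailsService(userDetailsService);
        filter.setSwitchUserUrl("/login/impersonate");
        filter.setExitUserUrl("/logout/impersonate");
        filter.setTargetUrl("/index.jsp");
        // A custom checker replaces the default one, so delegate to it first.
        UserDetailsChecker status = new AccountStatusUserDetailsChecker();
        filter.setUserDetailsChecker(target -> {
            status.check(target); // locked, disabled, expired
            boolean admin = target.getAuthorities().stream()
                    .anyMatch(a -> "ROLE_ADMIN".equals(a.getAuthority()));
            if (admin) { // assumed policy: only regular users may be impersonated
                throw new InsufficientAuthenticationException("Switching to an administrator is not allowed");
            }
        });
        return filter;
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http, SwitchUserFilter switchUserFilter) throws Exception {
        // URL rules are enforced by FilterSecurityInterceptor, which runs before the switch filter.
        http.authorizeRequests(authz -> authz
                .antMatchers("/login/impersonate").hasRole("ADMIN")
                .antMatchers("/logout/impersonate").hasAuthority(SwitchUserFilter.ROLE_PREVIOUS_ADMINISTRATOR)
                .anyRequest().authenticated())
            .formLogin(form -> { })
            .addFilterAfter(switchUserFilter, FilterSecurityInterceptor.class);
        return http.build();
    }
}
```

    Under Spring Boot, a Filter exposed as a bean is also registered with the servlet container; a FilterRegistrationBean for it with setEnabled(false) keeps the filter inside the security chain only.
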
      void afterPropertiesSet()  
      protected attemptExitUser​(javax.servlet.http.HttpServletRequest request)
      Attempt to exit from an already switched user.
      protected attemptSwitchUser​(javax.servlet.http.HttpServletRequest request)
      Attempt to switch to another user.
      void doFilter​(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)  
      protected boolean requiresExitUser​(javax.servlet.http.HttpServletRequest request)
      Checks the request URI for the presence of exitUserUrl.
      protected boolean requiresSwitchUser​(javax.servlet.http.HttpServletRequest request)
      Checks the request URI for the presence of switchUserUrl.
      void setApplicationEventPublisher​(org.springframework.context.ApplicationEventPublisher eventPublisher)  
      void setAuthenticationDetailsSource​(<javax.servlet.http.HttpServletRequest,​?> authenticationDetailsSource)  
      void setExitUserMatcher​(RequestMatcher exitUserMatcher)
      Set the matcher to respond to exit user processing.
      void setExitUserUrl​(java.lang.String exitUserUrl)
      Set the URL to respond to exit user processing.
      void setFailureHandler​(AuthenticationFailureHandler failureHandler)
      Used to define custom behaviour when a switch fails.
      void setMessageSource​(org.springframework.context.MessageSource messageSource)  
      void setSecurityContextHolderStrategy​( securityContextHolderStrategy)
      Sets the SecurityContextHolderStrategy to use.
      void setSuccessHandler​(AuthenticationSuccessHandler successHandler)
      Used to define custom behaviour on a successful switch or exit user.
      void setSwitchAuthorityRole​(java.lang.String switchAuthorityRole)
      Allows the role of the switchAuthority to be customized.
      void setSwitchFailureUrl​(java.lang.String switchFailureUrl)
      Sets the URL to which a user should be redirected if the switch fails.
      void setSwitchUserAuthorityChanger​(SwitchUserAuthorityChanger switchUserAuthorityChanger)  
      void setSwitchUserMatcher​(RequestMatcher switchUserMatcher)
      Set the matcher to respond to switch user processing.
      void setSwitchUserUrl​(java.lang.String switchUserUrl)
      Set the URL to respond to switch user processing.
      void setTargetUrl​(java.lang.String targetUrl)
      Sets the URL to go to after a successful switch / exit user request.
      void setUserDetailsChecker​( userDetailsChecker)
      Sets the UserDetailsChecker that is called on the target user whenever the user is switched.
      void setUserDetailsService​( userDetailsService)
      Sets the authentication data access object.
      void setUsernameParameter​(java.lang.String usernameParameter)
      Allows the parameter containing the username to be customized.
        public static final java.lang.String SPRING_SECURITY_SWITCH_USERNAME_KEY
        public static final java.lang.String ROLE_PREVIOUS_ADMINISTRATOR
      SwitchUserFilter

        public SwitchUserFilter()
      afterPropertiesSet

        public void afterPropertiesSet()
        public void doFilter​(javax.servlet.ServletRequest request,
                             javax.servlet.ServletResponse response,
                             javax.servlet.FilterChain chain)
      attemptSwitchUser

        protected attemptSwitchUser​(javax.servlet.http.HttpServletRequest request)
        Attempt to switch to another user. If the user does not exist or is not active, return null.
        The new Authentication request if successfully switched to another user, null otherwise.
        Throws:
        - If the target user is not found.
        - If the account is locked.
        - If the target user is disabled.
        - If the target user account is expired.
        - If the target user credentials are expired.
      attemptExitUser

        protected attemptExitUser​(javax.servlet.http.HttpServletRequest request)
        Attempt to exit from an already switched user.
        request - The http servlet request
        The original Authentication object or null otherwise.
        Throws: - If no Authentication is associated with this request.
      requiresExitUser

        protected boolean requiresExitUser​(javax.servlet.http.HttpServletRequest request)
        Checks the request URI for the presence of exitUserUrl.
        request - The http servlet request
        true if the request requires an exit user, false otherwise.
      requiresSwitchUser

        protected boolean requiresSwitchUser​(javax.servlet.http.HttpServletRequest request)
        Checks the request URI for the presence of switchUserUrl.
        request - The http servlet request
        true if the request requires a switch, false otherwise.
      setApplicationEventPublisher

        public void setApplicationEventPublisher​(org.springframework.context.ApplicationEventPublisher eventPublisher)
      setAuthenticationDetailsSource

        public void setAuthenticationDetailsSource​(<javax.servlet.http.HttpServletRequest,​?> authenticationDetailsSource)
      setMessageSource

        public void setMessageSource​(org.springframework.context.MessageSource messageSource)
      setUserDetailsService

        public void setUserDetailsService​( userDetailsService)
        Sets the authentication data access object.
        userDetailsService - The UserDetailsService which will be used to load information for the user that is being switched to.
      setExitUserUrl

        public void setExitUserUrl​(java.lang.String exitUserUrl)
        Set the URL to respond to exit user processing. This is a shortcut for setExitUserMatcher(RequestMatcher).
        exitUserUrl - The exit user URL.
      setExitUserMatcher

        public void setExitUserMatcher​(RequestMatcher exitUserMatcher)
        Set the matcher to respond to exit user processing.
        exitUserMatcher - The exit matcher to use.
      setSwitchUserUrl

        public void setSwitchUserUrl​(java.lang.String switchUserUrl)
        Set the URL to respond to switch user processing. This is a shortcut for setSwitchUserMatcher(RequestMatcher).
        switchUserUrl - The switch user URL.
      setSwitchUserMatcher

        public void setSwitchUserMatcher​(RequestMatcher switchUserMatcher)
        Set the matcher to respond to switch user processing.
        switchUserMatcher - The switch user matcher.
      setTargetUrl

        public void setTargetUrl​(java.lang.String targetUrl)
        Sets the URL to go to after a successful switch / exit user request. Use setSuccessHandler instead if you need more customized behaviour.
        targetUrl - The target url.
      setSuccessHandler

        public void setSuccessHandler​(AuthenticationSuccessHandler successHandler)
        Used to define custom behaviour on a successful switch or exit user.

        Can be used instead of setting targetUrl.

      setSwitchFailureUrl

        public void setSwitchFailureUrl​(java.lang.String switchFailureUrl)
        Sets the URL to which a user should be redirected if the switch fails. For example, this might happen because the account they are attempting to switch to is invalid (the user doesn't exist, account is locked etc).

        If not set, an error message will be written to the response.

        Use failureHandler instead if you need more customized behaviour.

        switchFailureUrl - the url to redirect to.
      setFailureHandler

        public void setFailureHandler​(AuthenticationFailureHandler failureHandler)
        Used to define custom behaviour when a switch fails.

        Can be used instead of setting switchFailureUrl.

      setSwitchUserAuthorityChanger

        public void setSwitchUserAuthorityChanger​(SwitchUserAuthorityChanger switchUserAuthorityChanger)
        switchUserAuthorityChanger - to use to fine-tune the authorities granted to subclasses (may be null if SwitchUserFilter should not fine-tune the authorities)
      setUserDetailsChecker

        public void setUserDetailsChecker​( userDetailsChecker)
        Sets the UserDetailsChecker that is called on the target user whenever the user is switched.
        userDetailsChecker - the UserDetailsChecker that checks the status of the user that is being switched to. Defaults to AccountStatusUserDetailsChecker.
      setUsernameParameter

        public void setUsernameParameter​(java.lang.String usernameParameter)
        Allows the parameter containing the username to be customized.
        usernameParameter - the parameter name. Defaults to username
      setSwitchAuthorityRole

        public void setSwitchAuthorityRole​(java.lang.String switchAuthorityRole)
        Allows the role of the switchAuthority to be customized.
        switchAuthorityRole - the role name. Defaults to ROLE_PREVIOUS_ADMINISTRATOR
      setSecurityContextHolderStrategy

        public void setSecurityContextHolderStrategy​( securityContextHolderStrategy)
        Sets the SecurityContextHolderStrategy to use. The default action is to use the SecurityContextHolderStrategy stored in SecurityContextHolder.