18 Customizing WebCenter Portal Impersonation Security

Use a set of WebCenter Portal Impersonation Expression Language expressions and a matching Impersonation API to customize impersonation sessions.

Topics:

About Customizing WebCenter Portal Impersonation

WebCenter Portal Impersonation lets designated users impersonate other portal users and perform operations as those users. You can customize those sessions using a set of WebCenter Portal Impersonation Expression Language expressions (ELs) and a matching Java API

For instructions on how to initiate an impersonation session (by the impersonator) and how to allow an Impersonation session (by the impersonatee), see Using WebCenter Portal Impersonation in Using Portals in Oracle WebCenter Portal.

Using the WebCenter Portal Impersonation ELs

WebCenter Portal Impersonation offers a set of Expression Language expressions (ELs) that can be used to customize impersonation sessions.

The following ELs are exposed:

  • #{WCSecurityContext.impersonationConfigured} - returns whether or not impersonation has been enabled for the current domain

    This EL can be useful when determining if an error was caused by an impersonation session ending prematurely, or to provide an additional indicator that a session has ended.

  • #{WCSecurityContext.userInImpersonationSession} - returns whether the current user is in an impersonation session or not.

    You can use this EL to protect content and render it inaccessible during an impersonation session. For example, you could map the rendered attribute of an administration taskflow on a page to this EL only rendering the taskflow if the user is not viewing the taskflow in an impersonation session.

  • #{WCSecurityContext.currentImpersonator} - returns the current impersonator, if any.

    This EL could be used to modify the page template to display the impersonator or render content accessible only to a particular impersonator.

For more information about impersonation and other ELs, refer to ELs Related to Impersonation.

Using the WebCenter Portal Impersonation APIs

WebCenter Portal Impersonation also Java APIs that can be used to customize impersonation sessions.

The following public APIs are exposed in oracle.webcenter.security.common.WCSecurityUtility:

  • isImpersonationConfigured() - returns whether or not impersonation has been enabled for the current domain.

    This API can be useful to determine if an error was caused by an impersonation session ending prematurely, or to provide an additional indicator that a session has ended.

  • isUserInImpersonationSession() - returns whether the current user is in an impersonation session or not.

    This API is recommended for use to protect content and render it inaccessible during an impersonation session. For example, you could map the rendered attribute of an administration taskflow on a page to this API throwing an authorization exception or returning an empty list if the user is viewing the taskflow in an impersonation session.

  • getCurrentImpersonatorId() - returns the current impersonator, if any.

    This API could be used to modify the page template to display the impersonator (as shown in the example below), or render some content accessible only to a particular impersonator.

For more information about these and other APIs, refer to WebCenter Portal Javadoc API Java API Reference for Oracle WebCenter Portal.

Example: getCurrentImpersonatorId API

import oracle.webcenter.security.common.WCSecurityUtility;
if (WCSecurityUtility.isUserInImpersonationSession())
{
 String impersonator =WCSecurityUtility.getCurrentImpersonatorId();
 String currentUser =ADFContext.getCurrent().getSecurityContext().getUserName();
 //Code to be executed when the user is in an impersonation session.
 ..log("User " +impersonator +" is impersonating as user " +currentUser); 
}