Spring's impersonation does not work on Vaadin

[tbee]

Description of the bug

Spring offers a default way of an administrator impersonating a regular user. This seems not to work on Vaadin-on-Spring because Authorization seems not to be setup yet in the start-impersonating request. More here https://vaadin.com/forum/t/how-to-do-impersonation-using-spring-security/167804

Expected behavior

Well, it should work 😄

Minimal reproducible example

On a Vaadin-on-Spring application with Spring security and login enabled: configure the SwitchUserServlet as per one of the many examples, preferable on GET (which makes test easier) and attempt an impersonation. Probably VaadinAwareSecurityContextHolderStrategy should be set as the strategy on the filter (but won't fix the problem).

https://stackoverflow.com/questions/72378146/user-impersonation-with-spring-security

Versions

• Vaadin / Flow version: 24.5.4
• Java version: 21
• OS version: not relevant
• Browser version (if applicable): not relevant
• Application Server (if applicable): not relevant
• IDE (if applicable): not relevant

[mshabarov]

This sounds to me more like an enhancement, however, we have to double check our integration with Spring Security, maybe there is something blocking this feature to work.

[tbee]

Assuming the integration with Spring security is supposed to encompass all standard functionality, than this should be supported IMHO.