[ https://issues.apache.org/jira/browse/JCRVLT-515?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17325785#comment-17325785 ]
Konrad Windszus commented on JCRVLT-515: ---------------------------------------- [~angela] Extending Jackrabbit API may be good in the mid-term but for now I would rather rely on the Oak API (in case the repo is Oak). Is there any way to get Oak entities from their JCR objects without using reflection? I was hoping that {{SessionImpl}} would expose the underlying {{ContentSession}} but there isn't any getter method in https://github.com/apache/jackrabbit-oak/blob/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/session/SessionImpl.java. > AdminPermissionChecker should evaluate all principals bound to the Session > -------------------------------------------------------------------------- > > Key: JCRVLT-515 > URL: https://issues.apache.org/jira/browse/JCRVLT-515 > Project: Jackrabbit FileVault > Issue Type: Improvement > Components: vlt > Reporter: Konrad Windszus > Priority: Major > Fix For: 3.4.12 > > > Currently the AdminPermissionChecker only evaluates the session-bound user id > in > https://github.com/kwin/jackrabbit-filevault/blob/49e3c2179c18e0552e49b0671843d85d045ebf48/vault-core/src/main/java/org/apache/jackrabbit/vault/packaging/impl/AdminPermissionChecker.java#L54. > This does not work well with principal based login (like with Sling Service > Authentication) as in general only the first principal is returned (in case > it is backed by a real JCR user). Instead one should leverage > {{org.apache.jackrabbit.api.security.principal.PrincipalManager}} to retrieve > all principals bound to the session and check that at least one is the > administrator. -- This message was sent by Atlassian Jira (v8.3.4#803005)