[GitHub] [sling-org-apache-sling-resourceresolver] cziegeler commented on a diff in pull request #78: Various improvements for the webconsole plugin

Mon, 08 Aug 2022 00:30:47 -0700 


cziegeler commented on code in PR #78:
URL: 
https://github.com/apache/sling-org-apache-sling-resourceresolver/pull/78#discussion_r939910723


##########
src/main/java/org/apache/sling/resourceresolver/impl/console/ResourceResolverWebConsolePlugin.java:
##########
@@ -255,19 +278,42 @@ protected void doPost(HttpServletRequest request,
         // finally redirect
         final String path = request.getContextPath() + request.getServletPath()
         + request.getPathInfo();
-        final String redirectTo;
+        String redirectTo;
         if (msg == null) {
             redirectTo = path;
         } else {
             redirectTo = path + '?' + PAR_MSG + '=' + encodeParam(msg) + '&'
                     + PAR_TEST + '=' + encodeParam(test);
+                if ( user != null && user.length() > 0 ) {
+                    redirectTo += '&' + PAR_USER + '=' + encodeParam(user);
+                }
         }
         response.sendRedirect(redirectTo);
     }
 
+    private ResourceResolver 
getImpersonatedResourceResolver(HttpServletRequest request, final String user)
+            throws LoginException {
+
+        // resolver is set by the auth.core bundle in case of successful 
authentication, so it should
+        // always be there
+        Object resolverAttribute = 
request.getAttribute(AuthenticationSupport.REQUEST_ATTRIBUTE_RESOLVER);
+        if ( !(resolverAttribute instanceof ResourceResolver) ) {
+            throw new IllegalArgumentException("No " + 
ResourceResolver.class.getSimpleName() + " found in request, unable to proceed 
with impersonation");
+        }
+
+        @SuppressWarnings("resource") // not a leak, we don't own this resolver
+        ResourceResolver currentResolver = (ResourceResolver) 
resolverAttribute;
+
+        Map<String, Object> authenticationInfo = new HashMap<>();
+        authenticationInfo.put(ResourceResolverFactory.USER_IMPERSONATION, 
user);
+        
authenticationInfo.put(JcrResourceConstants.AUTHENTICATION_INFO_SESSION, 
currentResolver.adaptTo(Session.class));

Review Comment:
   The import of JCR packages is optional, I assume the above code does not 
work if the JCR bundle is not installed?
   We should keep that dependency as optional and not require JCR api to be 
installed



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to