rombert commented on code in PR #78: URL: https://github.com/apache/sling-org-apache-sling-resourceresolver/pull/78#discussion_r941330770
########## src/main/java/org/apache/sling/resourceresolver/impl/console/ResourceResolverWebConsolePlugin.java: ########## @@ -255,19 +278,42 @@ protected void doPost(HttpServletRequest request, // finally redirect final String path = request.getContextPath() + request.getServletPath() + request.getPathInfo(); - final String redirectTo; + String redirectTo; if (msg == null) { redirectTo = path; } else { redirectTo = path + '?' + PAR_MSG + '=' + encodeParam(msg) + '&' + PAR_TEST + '=' + encodeParam(test); + if ( user != null && user.length() > 0 ) { + redirectTo += '&' + PAR_USER + '=' + encodeParam(user); + } } response.sendRedirect(redirectTo); } + private ResourceResolver getImpersonatedResourceResolver(HttpServletRequest request, final String user) + throws LoginException { + + // resolver is set by the auth.core bundle in case of successful authentication, so it should + // always be there + Object resolverAttribute = request.getAttribute(AuthenticationSupport.REQUEST_ATTRIBUTE_RESOLVER); Review Comment: Looking at the Oak implementation, I see that impersonation works if either: - the impersonator is an admin - the impersonator is included in the `rep:impersonators` property of the impersonated user https://github.com/apache/jackrabbit-oak/blob/a90566744551246535f65c2aefc5a44fd5275490/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java#L125-L146 I am not sure if either of these is possible or desireable for a service user. Do you see another way? ########## src/main/java/org/apache/sling/resourceresolver/impl/console/ResourceResolverWebConsolePlugin.java: ########## @@ -255,19 +278,42 @@ protected void doPost(HttpServletRequest request, // finally redirect final String path = request.getContextPath() + request.getServletPath() + request.getPathInfo(); - final String redirectTo; + String redirectTo; if (msg == null) { redirectTo = path; } else { redirectTo = path + '?' + PAR_MSG + '=' + encodeParam(msg) + '&' + PAR_TEST + '=' + encodeParam(test); + if ( user != null && user.length() > 0 ) { + redirectTo += '&' + PAR_USER + '=' + encodeParam(user); + } } response.sendRedirect(redirectTo); } + private ResourceResolver getImpersonatedResourceResolver(HttpServletRequest request, final String user) + throws LoginException { + + // resolver is set by the auth.core bundle in case of successful authentication, so it should + // always be there + Object resolverAttribute = request.getAttribute(AuthenticationSupport.REQUEST_ATTRIBUTE_RESOLVER); Review Comment: Looking at the Oak implementation, I see that impersonation works if either: - the impersonator is an admin - the impersonator is included in the `rep:impersonators` property of the impersonated user https://github.com/apache/jackrabbit-oak/blob/a90566744551246535f65c2aefc5a44fd5275490/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java#L125-L146 I am not sure if either of these is possible or desirable for a service user. Do you see another way? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org