anchela commented on code in PR #43:
URL:
https://github.com/apache/sling-org-apache-sling-jcr-resource/pull/43#discussion_r1605209974
##########
src/main/java/org/apache/sling/jcr/resource/internal/helper/jcr/JcrProviderStateFactory.java:
##########
@@ -111,7 +111,20 @@ private static Bundle extractCallingBundle(@NotNull
Map<String, Object> authenti
} else {
final Object subService =
authenticationInfo.get(ResourceResolverFactory.SUBSERVICE);
final String subServiceName = subService instanceof
String ? (String) subService : null;
- session = repo.loginService(subServiceName, null);
+ // let's shortcut the impersonation for service users,
if impersonation was requested
+ String sudoUser = getSudoUser(authenticationInfo);
+ if (sudoUser != null) {
+ SimpleCredentials creds = new
SimpleCredentials(sudoUser, new char[0]);
+
creds.setAttribute(ResourceResolver.USER_IMPERSONATOR, subServiceName == null ?
Review Comment:
why is that attribute needed?
SlingRepository.impersonateFromService just takes a credential object and
the method itself already implies that an impersonation is requested to be
performed.
the extra attribute is not needed afaik and the implementation of
SlingRepository.impersonateFromService that is executed in AEM and the default
in sling
(https://github.com/apache/sling-org-apache-sling-jcr-base/blob/master/src/main/java/org/apache/sling/jcr/base/AbstractSlingRepository2.java#L391-L427)
don't respect it. but maybe that explains my confusion with the comment (see
above)
##########
src/main/java/org/apache/sling/jcr/resource/internal/helper/jcr/JcrProviderStateFactory.java:
##########
@@ -111,7 +111,20 @@ private static Bundle extractCallingBundle(@NotNull
Map<String, Object> authenti
} else {
final Object subService =
authenticationInfo.get(ResourceResolverFactory.SUBSERVICE);
final String subServiceName = subService instanceof
String ? (String) subService : null;
- session = repo.loginService(subServiceName, null);
+ // let's shortcut the impersonation for service users,
if impersonation was requested
Review Comment:
the comment confuses me... what you are handling here is getServiceResolver
request that in addition comes with a hint that an impersonation should be
performed.... i.e. calling impersonateFromService instead of just loginService.
the first part 'impersonation for service users is the one that confuses
me.... impersonateFromService means that a service should perform an
impersonation of any user. from the osgi service (bundle/subservice) a given
specified user should be impersonated. it's not that the service user is in
charge here... it could be but that's an impl detail.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
