anchela commented on code in PR #43: URL: https://github.com/apache/sling-org-apache-sling-jcr-resource/pull/43#discussion_r1605209974
########## src/main/java/org/apache/sling/jcr/resource/internal/helper/jcr/JcrProviderStateFactory.java: ########## @@ -111,7 +111,20 @@ private static Bundle extractCallingBundle(@NotNull Map<String, Object> authenti } else { final Object subService = authenticationInfo.get(ResourceResolverFactory.SUBSERVICE); final String subServiceName = subService instanceof String ? (String) subService : null; - session = repo.loginService(subServiceName, null); + // let's shortcut the impersonation for service users, if impersonation was requested + String sudoUser = getSudoUser(authenticationInfo); + if (sudoUser != null) { + SimpleCredentials creds = new SimpleCredentials(sudoUser, new char[0]); + creds.setAttribute(ResourceResolver.USER_IMPERSONATOR, subServiceName == null ? Review Comment: why is that attribute needed? SlingRepository.impersonateFromService just takes a credential object and the method itself already implies that an impersonation is requested to be performed. the extra attribute is not needed afaik and the implementation of SlingRepository.impersonateFromService that is executed in AEM and the default in sling (https://github.com/apache/sling-org-apache-sling-jcr-base/blob/master/src/main/java/org/apache/sling/jcr/base/AbstractSlingRepository2.java#L391-L427) don't respect it. but maybe that explains my confusion with the comment (see above) ########## src/main/java/org/apache/sling/jcr/resource/internal/helper/jcr/JcrProviderStateFactory.java: ########## @@ -111,7 +111,20 @@ private static Bundle extractCallingBundle(@NotNull Map<String, Object> authenti } else { final Object subService = authenticationInfo.get(ResourceResolverFactory.SUBSERVICE); final String subServiceName = subService instanceof String ? (String) subService : null; - session = repo.loginService(subServiceName, null); + // let's shortcut the impersonation for service users, if impersonation was requested Review Comment: the comment confuses me... what you are handling here is getServiceResolver request that in addition comes with a hint that an impersonation should be performed.... i.e. calling impersonateFromService instead of just loginService. the first part 'impersonation for service users is the one that confuses me.... impersonateFromService means that a service should perform an impersonation of any user. from the osgi service (bundle/subservice) a given specified user should be impersonated. it's not that the service user is in charge here... it could be but that's an impl detail. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org