[
https://issues.apache.org/jira/browse/SLING-2325?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13184989#comment-13184989
]
Justin Edelson commented on SLING-2325:
---------------------------------------
IIUC, we can't close the session when using DavEx because DavEx needs an open
session to handle ObservationListeners. You can see this yourself in the Sling
IT test suite: don't set this attribute and we have test failures.
> SlingDavExServlet uses impersonation to get session. Doesn't work nicely if
> user doesn't have right to impersonate.
> -------------------------------------------------------------------------------------------------------------------
>
> Key: SLING-2325
> URL: https://issues.apache.org/jira/browse/SLING-2325
> Project: Sling
> Issue Type: Bug
> Components: JCR
> Affects Versions: JCR DavEx 1.0.0
> Reporter: Christanto
> Assignee: Justin Edelson
> Priority: Blocker
> Labels: davex
> Fix For: JCR DavEx 1.1.0
>
>
> SlingDavExServlet uses impersonation to get session. Doesn't work nicely if
> user doesn't have right to impersonate.
> LoginException will be thrown: javax.jcr.LoginException: attempt to
> impersonate denied for <user>
> Code excerpt from SlingDavExServlet:
> final Session session = resolver.adaptTo(Session.class);
> // as the session might be longer used by davex than the request
> // we have to create a new session!
> if ( session != null ) {
> final Credentials credentials = new
> SimpleCredentials(session.getUserID(), EMPTY_PW);
> final Session newSession = session.impersonate(credentials);
> return newSession;
> }
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
