[
https://issues.apache.org/jira/browse/SLING-2325?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13187601#comment-13187601
]
Felix Meschberger edited comment on SLING-2325 at 1/17/12 12:05 PM:
--------------------------------------------------------------------
Potential solutions:
* Fix Jackrabbit DavEx
* Grante Impersonation privilege to self to all users
* Use a temporary admin session to impersonate as the target user (thanks
Carsten Ziegeler)
So we could do this:
final Session session = resolver.adaptTo(Session.class);
if ( session != null ) {
final Credentials credentials = new SimpleCredentials(session.getUserID(),
EMPTY_PW);
try {
final Session newSession = session.impersonate(credentials);
return newSession;
} catch (RepositoryException re) {
final Session adminSession =
slingRepository.loginAdministrative(session.getWorkspace().getName());
try {
return adminSession.impersonate(credentials);
} finally {
adminSession.logout();
}
}
}
was (Author: fmeschbe):
Potential solutions:
* Fix Jackrabbit DavEx
* Grante Impersonation privilege to self to all users
* Use a temporary admin session to impersonate as the target user (thanks
Carsten Ziegeler)
So we could do this:
final Session session = resolver.adaptTo(Session.class);
if ( session != null ) {
final Credentials credentials = new SimpleCredentials(session.getUserID(),
EMPTY_PW);
try {
final Session newSession = session.impersonate(credentials);
return newSession;
} catch (RepositoryException re) {
final Session adminSession =
slingRepository.loginAdministrative(session.getWorkspace().getName());
return adminSession.impersonate(credentials);
}
}
> SlingDavExServlet uses impersonation to get session. Doesn't work nicely if
> user doesn't have right to impersonate.
> -------------------------------------------------------------------------------------------------------------------
>
> Key: SLING-2325
> URL: https://issues.apache.org/jira/browse/SLING-2325
> Project: Sling
> Issue Type: Bug
> Components: JCR
> Affects Versions: JCR DavEx 1.0.0
> Reporter: Christanto
> Assignee: Justin Edelson
> Priority: Blocker
> Labels: davex
> Fix For: JCR DavEx 1.1.0
>
>
> SlingDavExServlet uses impersonation to get session. Doesn't work nicely if
> user doesn't have right to impersonate.
> LoginException will be thrown: javax.jcr.LoginException: attempt to
> impersonate denied for <user>
> Code excerpt from SlingDavExServlet:
> final Session session = resolver.adaptTo(Session.class);
> // as the session might be longer used by davex than the request
> // we have to create a new session!
> if ( session != null ) {
> final Credentials credentials = new
> SimpleCredentials(session.getUserID(), EMPTY_PW);
> final Session newSession = session.impersonate(credentials);
> return newSession;
> }
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
