[
https://issues.apache.org/jira/browse/SLING-2325?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13192517#comment-13192517
]
Justin Edelson commented on SLING-2325:
---------------------------------------
OK, I'll cry uncle.... and give up on having support for long lived sessions in
the framework.
But, this solution now seems too fragile. I'd rather we did the admin
impersonate trick all the time. I'd hate for an implementation change on the JR
side to cause this to break again.
WDYT?
> SlingDavExServlet uses impersonation to get session. Doesn't work nicely if
> user doesn't have right to impersonate.
> -------------------------------------------------------------------------------------------------------------------
>
> Key: SLING-2325
> URL: https://issues.apache.org/jira/browse/SLING-2325
> Project: Sling
> Issue Type: Bug
> Components: JCR
> Affects Versions: JCR DavEx 1.0.0
> Reporter: Christanto
> Assignee: Felix Meschberger
> Priority: Blocker
> Labels: davex
> Fix For: JCR DavEx 1.1.0
>
>
> SlingDavExServlet uses impersonation to get session. Doesn't work nicely if
> user doesn't have right to impersonate.
> LoginException will be thrown: javax.jcr.LoginException: attempt to
> impersonate denied for <user>
> Code excerpt from SlingDavExServlet:
> final Session session = resolver.adaptTo(Session.class);
> // as the session might be longer used by davex than the request
> // we have to create a new session!
> if ( session != null ) {
> final Credentials credentials = new
> SimpleCredentials(session.getUserID(), EMPTY_PW);
> final Session newSession = session.impersonate(credentials);
> return newSession;
> }
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
