[ https://issues.apache.org/jira/browse/SLING-2325?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13192645#comment-13192645 ]
Felix Meschberger commented on SLING-2325: ------------------------------------------ Changed implementation such that a session is always created using an admin session in Rev. 1235543 > SlingDavExServlet uses impersonation to get session. Doesn't work nicely if > user doesn't have right to impersonate. > ------------------------------------------------------------------------------------------------------------------- > > Key: SLING-2325 > URL: https://issues.apache.org/jira/browse/SLING-2325 > Project: Sling > Issue Type: Bug > Components: JCR > Affects Versions: JCR DavEx 1.0.0 > Reporter: Christanto > Assignee: Felix Meschberger > Priority: Blocker > Labels: davex > Fix For: JCR DavEx 1.1.0 > > > SlingDavExServlet uses impersonation to get session. Doesn't work nicely if > user doesn't have right to impersonate. > LoginException will be thrown: javax.jcr.LoginException: attempt to > impersonate denied for <user> > Code excerpt from SlingDavExServlet: > final Session session = resolver.adaptTo(Session.class); > // as the session might be longer used by davex than the request > // we have to create a new session! > if ( session != null ) { > final Credentials credentials = new > SimpleCredentials(session.getUserID(), EMPTY_PW); > final Session newSession = session.impersonate(credentials); > return newSession; > } -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira