[
https://issues.apache.org/jira/browse/SLING-2325?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Felix Meschberger reopened SLING-2325:
--------------------------------------
As noted with SLING-2337: The solution to just force the session to remain open
is IMHO wrong. The correct solution would be to ensure Jackrabbit WebDAV is
really letting go of sessions after having processed the request.
> SlingDavExServlet uses impersonation to get session. Doesn't work nicely if
> user doesn't have right to impersonate.
> -------------------------------------------------------------------------------------------------------------------
>
> Key: SLING-2325
> URL: https://issues.apache.org/jira/browse/SLING-2325
> Project: Sling
> Issue Type: Bug
> Components: JCR
> Affects Versions: JCR DavEx 1.0.0
> Reporter: Christanto
> Assignee: Justin Edelson
> Priority: Blocker
> Labels: davex
> Fix For: JCR DavEx 1.1.0
>
>
> SlingDavExServlet uses impersonation to get session. Doesn't work nicely if
> user doesn't have right to impersonate.
> LoginException will be thrown: javax.jcr.LoginException: attempt to
> impersonate denied for <user>
> Code excerpt from SlingDavExServlet:
> final Session session = resolver.adaptTo(Session.class);
> // as the session might be longer used by davex than the request
> // we have to create a new session!
> if ( session != null ) {
> final Credentials credentials = new
> SimpleCredentials(session.getUserID(), EMPTY_PW);
> final Session newSession = session.impersonate(credentials);
> return newSession;
> }
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
