jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tobias Bocanegra (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (JCR-2931) Compatibility issue if admin impersonates admin session
Date Thu, 24 Mar 2011 17:58:05 GMT

    [ https://issues.apache.org/jira/browse/JCR-2931?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13010801#comment-13010801
] 

Tobias Bocanegra commented on JCR-2931:
---------------------------------------

do you mean: ensure that a admin can impersonate to an admin session, as a shortcut to spawn
a new session?

so basically:

SimpleCredentials myCreds = new SimpleCredentials(session.getUserId(), new char[0]);
Session newSession = session.impersonate(myCreds);

should work.

> Compatibility issue if admin impersonates admin session
> -------------------------------------------------------
>
>                 Key: JCR-2931
>                 URL: https://issues.apache.org/jira/browse/JCR-2931
>             Project: Jackrabbit Content Repository
>          Issue Type: Bug
>          Components: jackrabbit-core, security
>            Reporter: angela
>            Priority: Trivial
>             Fix For: 2.3.0
>
>
> in revision 1076596 in made some improvements in ImpersonationImpl removing the shortcut
for "AdminPrincipal" which from my point of view is problematic.
> however, this introduced the following compatibility issue (detected by tom):
> while - according to my tests - a user is allowed to impersonate itself (jcr isn't totally
clear about this but states that Session.impersonate is used to "[...] impersonate" another
[...]" this was possible for the admin-user due to the shortcut mentioned above.
> in order not to break existing code relying on that special case, i would suggest to
change the code accordingly.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message