jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "angela (JIRA)" <j...@apache.org>
Subject [jira] [Created] (JCR-2931) Compatibility issue if admin impersonates admin session
Date Thu, 24 Mar 2011 14:35:05 GMT
Compatibility issue if admin impersonates admin session
-------------------------------------------------------

                 Key: JCR-2931
                 URL: https://issues.apache.org/jira/browse/JCR-2931
             Project: Jackrabbit Content Repository
          Issue Type: Bug
          Components: jackrabbit-core, security
            Reporter: angela
            Priority: Trivial
             Fix For: 2.3.0


in revision 1076596 in made some improvements in ImpersonationImpl removing the shortcut for
"AdminPrincipal" which from my point of view is problematic.

however, this introduced the following compatibility issue (detected by tom):
while - according to my tests - a user is allowed to impersonate itself (jcr isn't totally
clear about this but states that Session.impersonate is used to "[...] impersonate" another
[...]" this was possible for the admin-user due to the shortcut mentioned above.

in order not to break existing code relying on that special case, i would suggest to change
the code accordingly.




--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message