jackrabbit-dev mailing list archives

From "Jukka Zitting (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (JCR-3072) System session should be able to impersonate other users
Date Tue, 20 Sep 2011 09:31:09 GMT

    [ https://issues.apache.org/jira/browse/JCR-3072?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13108469#comment-13108469 ]

Jukka Zitting commented on JCR-3072:
------------------------------------

This was specifically for implementing things like the SlingRepository.loginAdministrative()
method that's used within Sling for many maintenance tasks that require unlimited write access
to the repository.

So far the only ways to create such sessions were to either hardcode admin credentials or
to add a custom LoginModule that explicitly grants access to such system-level administrative
logins. Neither solution is very good, so I wanted a mechanism that allows me to bypass login
authentication entirely when I already have access to repository internals (i.e. the system
session). Allowing the system session to impersonate other users was a simple way to do that.

A more technically sound alternative could be to better decouple authentication and session
creation from each other, so that someone with access to repository internals could simply
skip the authentication phase and create sessions with whatever userid and principals as needed.

> System session should be able to impersonate other users
> --------------------------------------------------------
>
>                 Key: JCR-3072
>                 URL: https://issues.apache.org/jira/browse/JCR-3072
>             Project: Jackrabbit Content Repository
>          Issue Type: Improvement
>            Reporter: Jukka Zitting
>            Assignee: Jukka Zitting
>            Priority: Minor
>             Fix For: 2.3.0
>
>
> There are maintenance tasks where it would be useful for the system session to be able
> to impersonate other users.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        
