jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "angela (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (JCR-3072) System session should be able to impersonate other users
Date Tue, 20 Sep 2011 10:37:08 GMT

    [ https://issues.apache.org/jira/browse/JCR-3072?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13108499#comment-13108499

angela commented on JCR-3072:

> A more technically sound alternative could be to better decouple authentication and session
creation from each other, 
> so that someone with access to repository internals could simply skip the authentication
phase and create sessions with 
> whatever userid and principals as needed. 

that sounds reasonable.
my understanding of the system session is that it is really only a jackrabbit-core internal
session (and it's only a implementation
of session because we use JCR API for jackrabbit internals which) that should not be exposed
otherwise and should not
be used by applications on top of jackrabbit.... so, i am still in favor of reverting the
changes made to the impersonation :)

> System session should be able to impersonate other users
> --------------------------------------------------------
>                 Key: JCR-3072
>                 URL: https://issues.apache.org/jira/browse/JCR-3072
>             Project: Jackrabbit Content Repository
>          Issue Type: Improvement
>            Reporter: Jukka Zitting
>            Assignee: Jukka Zitting
>            Priority: Minor
>             Fix For: 2.3.0
> There are maintenance tasks where it would be useful for the system session to be able
to impersonate other users.

This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message