jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "angela (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (JCR-3072) System session should be able to impersonate other users
Date Tue, 20 Sep 2011 10:37:08 GMT

    [ https://issues.apache.org/jira/browse/JCR-3072?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13108499#comment-13108499
] 

angela commented on JCR-3072:
-----------------------------

> A more technically sound alternative could be to better decouple authentication and session
creation from each other, 
> so that someone with access to repository internals could simply skip the authentication
phase and create sessions with 
> whatever userid and principals as needed. 

that sounds reasonable.
my understanding of the system session is that it is really only a jackrabbit-core internal
session (and it's only a implementation
of session because we use JCR API for jackrabbit internals which) that should not be exposed
otherwise and should not
be used by applications on top of jackrabbit.... so, i am still in favor of reverting the
changes made to the impersonation :)

> System session should be able to impersonate other users
> --------------------------------------------------------
>
>                 Key: JCR-3072
>                 URL: https://issues.apache.org/jira/browse/JCR-3072
>             Project: Jackrabbit Content Repository
>          Issue Type: Improvement
>            Reporter: Jukka Zitting
>            Assignee: Jukka Zitting
>            Priority: Minor
>             Fix For: 2.3.0
>
>
> There are maintenance tasks where it would be useful for the system session to be able
to impersonate other users.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message