Date: Tue, 20 Sep 2011 09:31:09 +0000 (UTC)
From: "Jukka Zitting (JIRA)"
To: dev@jackrabbit.apache.org
Subject: [jira] [Commented] (JCR-3072) System session should be able to impersonate other users

    [ https://issues.apache.org/jira/browse/JCR-3072?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13108469#comment-13108469 ]

Jukka Zitting commented on JCR-3072:
------------------------------------

This was specifically for implementing things like the SlingRepository.loginAdministrative() method that's used within Sling for many maintenance tasks that require unlimited write access to the repository.

So far the only ways to create such sessions were to either hardcode admin credentials or to add a custom LoginModule that explicitly grants access to such system-level administrative logins. Neither solution is very good, so I wanted a mechanism that allows me to bypass login authentication entirely when I already have access to repository internals (i.e. the system session). Allowing the system session to impersonate other users was a simple way to do that.

A more technically sound alternative could be to better decouple authentication and session creation from each other, so that someone with access to repository internals could simply skip the authentication phase and create sessions with whatever userid and principals as needed.

> System session should be able to impersonate other users
> --------------------------------------------------------
>
>                 Key: JCR-3072
>                 URL: https://issues.apache.org/jira/browse/JCR-3072
>             Project: Jackrabbit Content Repository
>          Issue Type: Improvement
>            Reporter: Jukka Zitting
>            Assignee: Jukka Zitting
>            Priority: Minor
>             Fix For: 2.3.0
>
>
> There are maintenance tasks where it would be useful for the system session to be able to impersonate other users.