sling-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ian Boston <...@tfd.co.uk>
Subject Re: additional sudoers?
Date Sun, 26 Feb 2012 23:57:11 GMT
Nate,
Sakai OAE uses a custom Jackrabbit UserManager implementation and a
patched version of Jackrabbit, so impersonation may or may not work. I
don't think anyone has tried.
Also, I don't think that the non-jackrabbit content system under Sakai
OAE  supports impersonation, at least, not in the same way Jackrabbit
supports impersonation and since I suspect you want to impersonate
operations on that content system as well as the Jackrabbit JCR
repository, you may have to do some work.

The LoginModule[1] responds to the request to impersonate a user by
looking in the target users impersonator field to grant or not
impersonation, but there appears to be no modification of the non
jackrabbit session to make it impersonate.

Setting, and unsetting:
You can do this directly via the Jackrabbit Impersonation impl you
have in Sakai OAE [2], or by setting the appropriate properties in the
Sakai OAE user object.

If you were using a stock Apache Sling ontop of an unmodified version
of Jackrabbit I think you would need to, grant impersonation against
the Jackrabbit user, and then write a authentication handler that
created credentials implementing the Impersonation callback. See the
standard LoginModule implementation in Sling.

Sorry, that's not a great deal of help.
Ian


1 https://github.com/sakaiproject/nakamura/blob/master/bundles/server/src/main/java/org/sakaiproject/nakamura/lite/jackrabbit/SparseLoginModule.java#L118
2
https://github.com/sakaiproject/nakamura/blob/master/bundles/server/src/main/java/org/sakaiproject/nakamura/lite/jackrabbit/SparseImpersonationImpl.java#L85


On 27 February 2012 09:13, Nate Angell <nangell@rsmart.com> wrote:
> I'm working with Sakai OAE, a platform built on Apache Sling.
>
> I understand how the root admin identity can sudo as another user, but
> I've been trying to figure out how one might make additional users
> also be able to sudo.
>
> Can someone point me to some documentation or a hint about whether
> this is possible, and if so, how?
>
> Thanks!
>
> --
> Nate Angell
> Sakai Product Manager
> rSmart
> nate.angell@rsmart.com = gchat
> ixmati = AIM, skype
> nthangell = yahoo, .mac
> 209965525 = ICQ
> http://www.rsmart.com
> http://twitter.com/xolotl
> http://xolotl.org

Mime
View raw message