sling-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nate Angell <nang...@rsmart.com>
Subject Re: additional sudoers?
Date Mon, 27 Feb 2012 00:31:46 GMT
Thanks Ian!

We have already been using what I take to be standard Sling
impersonation in OAE, which for the admin user at least seems to work
OOTB now.

What I'm poking at is trying to give another user the same sudo
capabilities admin has now. Adding a user to the administrators group
in OAE does not seem to grant that special power ;(

Perhaps some digging into the areas you provided would address the
issue. What I've been trying to locate is how one would give another
user sudo powers in a standard sling context, as it appears that at
least the admin user already has that capability (and it magically
works in OAE).

= Nate

On Feb 26, 2012, at 3:57 PM, Ian Boston <ieb@tfd.co.uk> wrote:

> Nate,
> Sakai OAE uses a custom Jackrabbit UserManager implementation and a
> patched version of Jackrabbit, so impersonation may or may not work. I
> don't think anyone has tried.
> Also, I don't think that the non-jackrabbit content system under Sakai
> OAE  supports impersonation, at least, not in the same way Jackrabbit
> supports impersonation and since I suspect you want to impersonate
> operations on that content system as well as the Jackrabbit JCR
> repository, you may have to do some work.
>
> The LoginModule[1] responds to the request to impersonate a user by
> looking in the target users impersonator field to grant or not
> impersonation, but there appears to be no modification of the non
> jackrabbit session to make it impersonate.
>
> Setting, and unsetting:
> You can do this directly via the Jackrabbit Impersonation impl you
> have in Sakai OAE [2], or by setting the appropriate properties in the
> Sakai OAE user object.
>
> If you were using a stock Apache Sling ontop of an unmodified version
> of Jackrabbit I think you would need to, grant impersonation against
> the Jackrabbit user, and then write a authentication handler that
> created credentials implementing the Impersonation callback. See the
> standard LoginModule implementation in Sling.
>
> Sorry, that's not a great deal of help.
> Ian
>
>
> 1 https://github.com/sakaiproject/nakamura/blob/master/bundles/server/src/main/java/org/sakaiproject/nakamura/lite/jackrabbit/SparseLoginModule.java#L118
> 2
> https://github.com/sakaiproject/nakamura/blob/master/bundles/server/src/main/java/org/sakaiproject/nakamura/lite/jackrabbit/SparseImpersonationImpl.java#L85
>
>
> On 27 February 2012 09:13, Nate Angell <nangell@rsmart.com> wrote:
>> I'm working with Sakai OAE, a platform built on Apache Sling.
>>
>> I understand how the root admin identity can sudo as another user, but
>> I've been trying to figure out how one might make additional users
>> also be able to sudo.
>>
>> Can someone point me to some documentation or a hint about whether
>> this is possible, and if so, how?
>>
>> Thanks!
>>
>> --
>> Nate Angell
>> Sakai Product Manager
>> rSmart
>> nate.angell@rsmart.com = gchat
>> ixmati = AIM, skype
>> nthangell = yahoo, .mac
>> 209965525 = ICQ
>> http://www.rsmart.com
>> http://twitter.com/xolotl
>> http://xolotl.org

Mime
View raw message