You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Justin Edelson (Resolved) (JIRA)" <ji...@apache.org> on 2011/12/21 02:13:30 UTC
[jira] [Resolved] (SLING-2325) SlingDavExServlet uses impersonation
to get session. Doesn't work nicely if user doesn't have right to
impersonate.
[ https://issues.apache.org/jira/browse/SLING-2325?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Justin Edelson resolved SLING-2325.
-----------------------------------
Resolution: Fixed
using new functionality added in SLING-2337
fixed in r1221546
> SlingDavExServlet uses impersonation to get session. Doesn't work nicely if user doesn't have right to impersonate.
> -------------------------------------------------------------------------------------------------------------------
>
> Key: SLING-2325
> URL: https://issues.apache.org/jira/browse/SLING-2325
> Project: Sling
> Issue Type: Bug
> Components: JCR
> Affects Versions: JCR DavEx 1.0.0
> Reporter: Christanto
> Assignee: Justin Edelson
> Priority: Blocker
> Labels: davex
> Fix For: JCR DavEx 1.1.0
>
>
> SlingDavExServlet uses impersonation to get session. Doesn't work nicely if user doesn't have right to impersonate.
> LoginException will be thrown: javax.jcr.LoginException: attempt to impersonate denied for <user>
> Code excerpt from SlingDavExServlet:
> final Session session = resolver.adaptTo(Session.class);
> // as the session might be longer used by davex than the request
> // we have to create a new session!
> if ( session != null ) {
> final Credentials credentials = new SimpleCredentials(session.getUserID(), EMPTY_PW);
> final Session newSession = session.impersonate(credentials);
> return newSession;
> }
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira