You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by pa...@apache.org on 2017/11/14 14:59:47 UTC
[sling-org-apache-sling-jcr-davex] branch master updated:
SLING-6404: Remove loginAdministrative() usage from jcr.davex (patch
provided by Angela Schreiber - thanks).
This is an automated email from the ASF dual-hosted git repository.
pauls pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-jcr-davex.git
The following commit(s) were added to refs/heads/master by this push:
new 5398c29 SLING-6404: Remove loginAdministrative() usage from jcr.davex (patch provided by Angela Schreiber - thanks).
5398c29 is described below
commit 5398c29f000782b9036cc46541c7b1d591473afb
Author: Karl Pauls <ka...@gmail.com>
AuthorDate: Tue Nov 14 15:59:39 2017 +0100
SLING-6404: Remove loginAdministrative() usage from jcr.davex (patch provided by Angela Schreiber - thanks).
---
.../jcr/davex/impl/servlets/SlingDavExServlet.java | 27 ++++------------------
1 file changed, 5 insertions(+), 22 deletions(-)
diff --git a/src/main/java/org/apache/sling/jcr/davex/impl/servlets/SlingDavExServlet.java b/src/main/java/org/apache/sling/jcr/davex/impl/servlets/SlingDavExServlet.java
index 9b3343c..04d1965 100644
--- a/src/main/java/org/apache/sling/jcr/davex/impl/servlets/SlingDavExServlet.java
+++ b/src/main/java/org/apache/sling/jcr/davex/impl/servlets/SlingDavExServlet.java
@@ -177,37 +177,20 @@ public class SlingDavExServlet extends JcrRemotingServlet {
* Creates a new session for the user of the slingSession in the
* same workspace as the slingSession.
* <p>
- * Assumption: The admin session has permission to impersonate
- * as any user without restriction. If this is not the case
- * the Session.impersonate method throws a LoginException
- * which is folded into a RepositoryException.
+ * Assumption: Every session can impersonate itself as it is defined by JCR 2.0.
*
* @param slingSession The session provided by the Sling
- * authentication mechanis,
+ * authentication mechanism,
* @return a new session which may (and will) outlast the request
- * @throws RepositoryException If an error occurrs creating the
- * session.
+ * @throws RepositoryException If an error occurs creating the session.
*/
private Session getLongLivedSession(final Session slingSession) throws RepositoryException {
- Session adminSession = null;
final String user = slingSession.getUserID();
try {
final SimpleCredentials credentials = new SimpleCredentials(user, EMPTY_PW);
- final String wsp = slingSession.getWorkspace().getName();
- adminSession = SlingDavExServlet.this.repository.loginAdministrative(wsp);
- return adminSession.impersonate(credentials);
- } catch (RepositoryException re) {
-
- // LoginException from impersonate (missing permission)
- // and RepositoryException from loginAdministrative and
- // impersonate folded into RepositoryException to
- // cause a 403/FORBIDDEN response
+ return slingSession.impersonate(credentials);
+ } catch (Exception re) {
throw new RepositoryException("Cannot get session for " + user, re);
-
- } finally {
- if (adminSession != null) {
- adminSession.logout();
- }
}
}
};
--
To stop receiving notification emails like this one, please contact
['"commits@sling.apache.org" <co...@sling.apache.org>'].