You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Felix Meschberger (JIRA)" <ji...@apache.org> on 2010/07/30 13:06:15 UTC

[jira] Created: (SLING-1618) JCR Session attribute "impersonator" not set any more

JCR Session attribute "impersonator" not set any more
-----------------------------------------------------

                 Key: SLING-1618
                 URL: https://issues.apache.org/jira/browse/SLING-1618
             Project: Sling
          Issue Type: Bug
          Components: JCR
    Affects Versions: JCR Resource 2.0.8
            Reporter: Felix Meschberger
            Assignee: Felix Meschberger
             Fix For: JCR Resource 2.0.8


While switching the Commons Auth implementation to use the new ResourceResolverFactory service instead of directly creating JCR sessions (SLING-1534, Rev. 950104), the functionality to set the "impersonator" session attribute on an impersonated session has been lost.

This should be added again to the JcrResourceResolverFactoryImpl.handleSudo method again.

In addition, copying over all of the Authentication Info parameters (except any parameters whose name contains the word "password", particularly "user.password") might also be added.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Resolved: (SLING-1618) JCR Session attribute "impersonator" not set any more

Posted by "Felix Meschberger (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/SLING-1618?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Felix Meschberger resolved SLING-1618.
--------------------------------------

    Resolution: Fixed

Rev. 980739: As with primary sessions, the authentication info entries should be copied as session attributes for impersonated sessions. In addition the name of the impersonating user should be provided as a special session attribute.

Plus: the jcr.user.credentials and user.password attributes are not copied to prevent leaking sensitive information into the session attributes.

Rev. 980775 and 980777 fix some refactoring glitches and Rev. 980750 removes the unused ATTR_IMPERSONATOR constant from the SlingAuthenticator class.

> JCR Session attribute "impersonator" not set any more
> -----------------------------------------------------
>
>                 Key: SLING-1618
>                 URL: https://issues.apache.org/jira/browse/SLING-1618
>             Project: Sling
>          Issue Type: Bug
>          Components: JCR
>    Affects Versions: JCR Resource 2.0.8
>            Reporter: Felix Meschberger
>            Assignee: Felix Meschberger
>             Fix For: JCR Resource 2.0.8
>
>
> While switching the Commons Auth implementation to use the new ResourceResolverFactory service instead of directly creating JCR sessions (SLING-1534, Rev. 950104), the functionality to set the "impersonator" session attribute on an impersonated session has been lost.
> This should be added again to the JcrResourceResolverFactoryImpl.handleSudo method again.
> In addition, copying over all of the Authentication Info parameters (except any parameters whose name contains the word "password", particularly "user.password") might also be added.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.