You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jackrabbit.apache.org by "angela (JIRA)" <ji...@apache.org> on 2011/03/24 15:35:05 UTC
[jira] [Created] (JCR-2931) Compatibility issue if admin
impersonates admin session
Compatibility issue if admin impersonates admin session
-------------------------------------------------------
Key: JCR-2931
URL: https://issues.apache.org/jira/browse/JCR-2931
Project: Jackrabbit Content Repository
Issue Type: Bug
Components: jackrabbit-core, security
Reporter: angela
Priority: Trivial
Fix For: 2.3.0
in revision 1076596 in made some improvements in ImpersonationImpl removing the shortcut for "AdminPrincipal" which from my point of view is problematic.
however, this introduced the following compatibility issue (detected by tom):
while - according to my tests - a user is allowed to impersonate itself (jcr isn't totally clear about this but states that Session.impersonate is used to "[...] impersonate" another [...]" this was possible for the admin-user due to the shortcut mentioned above.
in order not to break existing code relying on that special case, i would suggest to change the code accordingly.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (JCR-2931) Compatibility issue if admin
impersonates admin session
Posted by "angela (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-2931?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
angela resolved JCR-2931.
-------------------------
Resolution: Fixed
Assignee: angela
> Compatibility issue if admin impersonates admin session
> -------------------------------------------------------
>
> Key: JCR-2931
> URL: https://issues.apache.org/jira/browse/JCR-2931
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Components: jackrabbit-core, security
> Reporter: angela
> Assignee: angela
> Priority: Trivial
> Fix For: 2.3.0
>
>
> in revision 1076596 in made some improvements in ImpersonationImpl removing the shortcut for "AdminPrincipal" which from my point of view is problematic.
> however, this introduced the following compatibility issue (detected by tom):
> while - according to my tests - a user is allowed to impersonate itself (jcr isn't totally clear about this but states that Session.impersonate is used to "[...] impersonate" another [...]" this was possible for the admin-user due to the shortcut mentioned above.
> in order not to break existing code relying on that special case, i would suggest to change the code accordingly.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (JCR-2931) Compatibility issue if admin
impersonates admin session
Posted by "Tobias Bocanegra (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-2931?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13010801#comment-13010801 ]
Tobias Bocanegra commented on JCR-2931:
---------------------------------------
do you mean: ensure that a admin can impersonate to an admin session, as a shortcut to spawn a new session?
so basically:
SimpleCredentials myCreds = new SimpleCredentials(session.getUserId(), new char[0]);
Session newSession = session.impersonate(myCreds);
should work.
> Compatibility issue if admin impersonates admin session
> -------------------------------------------------------
>
> Key: JCR-2931
> URL: https://issues.apache.org/jira/browse/JCR-2931
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Components: jackrabbit-core, security
> Reporter: angela
> Priority: Trivial
> Fix For: 2.3.0
>
>
> in revision 1076596 in made some improvements in ImpersonationImpl removing the shortcut for "AdminPrincipal" which from my point of view is problematic.
> however, this introduced the following compatibility issue (detected by tom):
> while - according to my tests - a user is allowed to impersonate itself (jcr isn't totally clear about this but states that Session.impersonate is used to "[...] impersonate" another [...]" this was possible for the admin-user due to the shortcut mentioned above.
> in order not to break existing code relying on that special case, i would suggest to change the code accordingly.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira