Posted to commits@sling.apache.org by fm...@apache.org on 2010/01/19 12:40:50 UTC
svn commit: r900735 -
/sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/impl/SlingAuthenticator.java
Author: fmeschbe
Date: Tue Jan 19 11:40:50 2010
New Revision: 900735
URL: http://svn.apache.org/viewvc?rev=900735&view=rev
Log:
SLING-1293 Terminate impersonation handling if impersonation fails and continue request processing with the primary authenticated user
Modified:
sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/impl/SlingAuthenticator.java
Modified: sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/impl/SlingAuthenticator.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/impl/SlingAuthenticator.java?rev=900735&r1=900734&r2=900735&view=diff
==============================================================================
--- sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/impl/SlingAuthenticator.java (original)
+++ sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/impl/SlingAuthenticator.java Tue Jan 19 11:40:50 2010
@@ -24,7 +24,6 @@
import java.util.Hashtable;
import java.util.Map;
-import javax.jcr.Credentials;
import javax.jcr.LoginException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
@@ -753,15 +752,11 @@
* @param session The real {@link Session} to optionally replace with an
* impersonated session.
* @return The impersonated session or the input session.
- * @throws LoginException thrown by the {@link Session#impersonate} method.
- * @throws ContentBusException thrown by the {@link Session#impersonate}
- * method.
* @see Session#impersonate for details on the user configuration
* requirements for impersonation.
*/
private Session handleImpersonation(HttpServletRequest req,
- HttpServletResponse res, Session session) throws LoginException,
- RepositoryException {
+ HttpServletResponse res, Session session) {
// the current state of impersonation
String currentSudo = null;
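Review bot: The Javadoc kept in this hunk no longer tells a reader that a failed impersonation is swallowed. With both `@throws` tags removed, `@return The impersonated session or the input session.` is the only hint, and it does not say when the input session comes back. I would reword it to `@return The impersonated session, or the input session if no impersonation was requested or the repository refused it (the failure is logged, not thrown).` so callers know the returned session may carry the primary user's rights rather than the requested identity. The comment block starts above the hunk and the method body continues below it.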
@@ -790,14 +785,28 @@
// sudo the session if needed
final String authUser = session.getUserID();
if (sudo != null && sudo.length() > 0) {
- final SimpleCredentials creds = new SimpleCredentials(sudo, new char[0]);
- creds.setAttribute(ATTR_IMPERSONATOR, authUser);
- final Session impersonated = session.impersonate(creds);
-
- // logout the original session and replace with impersonated
- // session.
- session.logout();
- session = impersonated;
+ try {
+ // impersonate setting the respective attribute
+ final SimpleCredentials creds = new SimpleCredentials(sudo,
+ new char[0]);
+ creds.setAttribute(ATTR_IMPERSONATOR, authUser);
+ final Session impersonated = session.impersonate(creds);
+
+ // logout the original session and replace with impersonated
+ // session.
+ session.logout();
+ session = impersonated;
+
+ } catch (RepositoryException re) {
+
+ // log an error message if impersonation fails
+ log.error("handleImpersonation: Failed to impersonate "
+ + authUser + " as " + sudo + ", processing request as "
+ + authUser, re);
+
+ // clear sudo to revert impersonation
+ sudo = null;
+ }
}
// invariant: same session or successful impersonation
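Review bot: The new `catch (RepositoryException re)` treats a refused impersonation the same as any other repository failure, so a denied sudo attempt cannot be told apart in the log from a backend fault. `Session.impersonate` reports insufficient rights with `LoginException`, a subclass that is still imported, so catching it first and logging it as a denied attempt gives operators an auditable record of that case. `sudo` is assigned above the hunk and looks request-derived (to be confirmed), so CR/LF should be stripped from it before it is concatenated into the message, keeping each attempt on one log line. The code after the invariant comment is outside the hunk; confirm it also discards any persisted sudo state once `sudo` is null, otherwise later requests would repeat the failing attempt.

```java
// … unchanged: try body calling session.impersonate(creds) and swapping the session …
} catch (LoginException le) {

    // the repository refused the impersonation: record it as a denied attempt
    log.warn("handleImpersonation: " + authUser
        + " is not allowed to impersonate " + sudo
        + ", processing request as " + authUser, le);

    // clear sudo to revert impersonation
    sudo = null;

} catch (RepositoryException re) {
    // … unchanged: error log and sudo = null …
}
```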