You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jackrabbit.apache.org by "angela (JIRA)" <ji...@apache.org> on 2011/03/24 19:54:05 UTC
[jira] [Resolved] (JCR-2931) Compatibility issue if admin
impersonates admin session
[ https://issues.apache.org/jira/browse/JCR-2931?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
angela resolved JCR-2931.
-------------------------
Resolution: Fixed
Assignee: angela
> Compatibility issue if admin impersonates admin session
> -------------------------------------------------------
>
> Key: JCR-2931
> URL: https://issues.apache.org/jira/browse/JCR-2931
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Components: jackrabbit-core, security
> Reporter: angela
> Assignee: angela
> Priority: Trivial
> Fix For: 2.3.0
>
>
> in revision 1076596 in made some improvements in ImpersonationImpl removing the shortcut for "AdminPrincipal" which from my point of view is problematic.
> however, this introduced the following compatibility issue (detected by tom):
> while - according to my tests - a user is allowed to impersonate itself (jcr isn't totally clear about this but states that Session.impersonate is used to "[...] impersonate" another [...]" this was possible for the admin-user due to the shortcut mentioned above.
> in order not to break existing code relying on that special case, i would suggest to change the code accordingly.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira