You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@jackrabbit.apache.org by "angela (JIRA)" <ji...@apache.org> on 2011/03/24 19:54:05 UTC

[jira] [Resolved] (JCR-2931) Compatibility issue if admin impersonates admin session

     [ https://issues.apache.org/jira/browse/JCR-2931?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

angela resolved JCR-2931.
-------------------------

    Resolution: Fixed
      Assignee: angela

> Compatibility issue if admin impersonates admin session
> -------------------------------------------------------
>
>                 Key: JCR-2931
>                 URL: https://issues.apache.org/jira/browse/JCR-2931
>             Project: Jackrabbit Content Repository
>          Issue Type: Bug
>          Components: jackrabbit-core, security
>            Reporter: angela
>            Assignee: angela
>            Priority: Trivial
>             Fix For: 2.3.0
>
>
> in revision 1076596 in made some improvements in ImpersonationImpl removing the shortcut for "AdminPrincipal" which from my point of view is problematic.
> however, this introduced the following compatibility issue (detected by tom):
> while - according to my tests - a user is allowed to impersonate itself (jcr isn't totally clear about this but states that Session.impersonate is used to "[...] impersonate" another [...]" this was possible for the admin-user due to the shortcut mentioned above.
> in order not to break existing code relying on that special case, i would suggest to change the code accordingly.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira