Compatibility issue if admin impersonates admin session
-------------------------------------------------------
Key: JCR-2931
URL: https://issues.apache.org/jira/browse/JCR-2931
Project: Jackrabbit Content Repository
Issue Type: Bug
Components: jackrabbit-core, security
Reporter: angela
Priority: Trivial
Fix For: 2.3.0
in revision 1076596 in made some improvements in ImpersonationImpl removing the
shortcut for "AdminPrincipal" which from my point of view is problematic.
however, this introduced the following compatibility issue (detected by tom):
while - according to my tests - a user is allowed to impersonate itself (jcr
isn't totally clear about this but states that Session.impersonate is used to
"[...] impersonate" another [...]" this was possible for the admin-user due to
the shortcut mentioned above.
in order not to break existing code relying on that special case, i would
suggest to change the code accordingly.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
