[
https://issues.apache.org/jira/browse/JCR-2931?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13010801#comment-13010801
]
Tobias Bocanegra commented on JCR-2931:
---------------------------------------
do you mean: ensure that a admin can impersonate to an admin session, as a
shortcut to spawn a new session?
so basically:
SimpleCredentials myCreds = new SimpleCredentials(session.getUserId(), new
char[0]);
Session newSession = session.impersonate(myCreds);
should work.
> Compatibility issue if admin impersonates admin session
> -------------------------------------------------------
>
> Key: JCR-2931
> URL: https://issues.apache.org/jira/browse/JCR-2931
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Components: jackrabbit-core, security
> Reporter: angela
> Priority: Trivial
> Fix For: 2.3.0
>
>
> in revision 1076596 in made some improvements in ImpersonationImpl removing
> the shortcut for "AdminPrincipal" which from my point of view is problematic.
> however, this introduced the following compatibility issue (detected by tom):
> while - according to my tests - a user is allowed to impersonate itself (jcr
> isn't totally clear about this but states that Session.impersonate is used to
> "[...] impersonate" another [...]" this was possible for the admin-user due
> to the shortcut mentioned above.
> in order not to break existing code relying on that special case, i would
> suggest to change the code accordingly.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
