[
https://issues.apache.org/jira/browse/JCR-3072?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13108469#comment-13108469
]
Jukka Zitting commented on JCR-3072:
------------------------------------
This was specifically for implementing things like the
SlingRepository.loginAdministrative() method that's used within Sling for many
maintenance tasks that require unlimited write access to the repository.

So far the only ways to create such sessions were to either hardcode admin
credentials or to add a custom LoginModule that explicitly grants access to
such system-level administrative logins. Neither solution is very good, so I
wanted a mechanism that allows me to bypass login authentication entirely when
I already have access to repository internals (i.e. the system session).
Allowing the system session to impersonate other users was a simple way to do
that.

A more technically sound alternative could be to better decouple authentication
and session creation from each other, so that someone with access to repository
internals could simply skip the authentication phase and create sessions with
whatever userid and principals as needed.

> System session should be able to impersonate other users
> --------------------------------------------------------
>
> Key: JCR-3072
> URL: https://issues.apache.org/jira/browse/JCR-3072
> Project: Jackrabbit Content Repository
> Issue Type: Improvement
> Reporter: Jukka Zitting
> Assignee: Jukka Zitting
> Priority: Minor
> Fix For: 2.3.0
>
>
> There are maintenance tasks where it would be useful for the system session
> to be able to impersonate other users.