[
https://issues.apache.org/jira/browse/JCR-3072?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13108499#comment-13108499
]
angela commented on JCR-3072:
-----------------------------
> A more technically sound alternative could be to better decouple
> authentication and session creation from each other,
> so that someone with access to repository internals could simply skip the
> authentication phase and create sessions with
> whatever userid and principals as needed.
that sounds reasonable.
my understanding of the system session is that it is really only a
jackrabbit-core internal session (and it's only a implementation
of session because we use JCR API for jackrabbit internals which) that should
not be exposed otherwise and should not
be used by applications on top of jackrabbit.... so, i am still in favor of
reverting the changes made to the impersonation :)
> System session should be able to impersonate other users
> --------------------------------------------------------
>
> Key: JCR-3072
> URL: https://issues.apache.org/jira/browse/JCR-3072
> Project: Jackrabbit Content Repository
> Issue Type: Improvement
> Reporter: Jukka Zitting
> Assignee: Jukka Zitting
> Priority: Minor
> Fix For: 2.3.0
>
>
> There are maintenance tasks where it would be useful for the system session
> to be able to impersonate other users.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
