[ 
https://issues.apache.org/jira/browse/SLING-1618?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Felix Meschberger resolved SLING-1618.
--------------------------------------

    Resolution: Fixed

Rev. 980739: As with primary sessions, the authentication info entries should 
be copied as session attributes for impersonated sessions. In addition the name 
of the impersonating user should be provided as a special session attribute.

Plus: the jcr.user.credentials and user.password attributes are not copied to 
prevent leaking sensitive information into the session attributes.

Rev. 980775 and 980777 fix some refactoring glitches and Rev. 980750 removes 
the unused ATTR_IMPERSONATOR constant from the SlingAuthenticator class.

> JCR Session attribute "impersonator" not set any more
> -----------------------------------------------------
>
>                 Key: SLING-1618
>                 URL: https://issues.apache.org/jira/browse/SLING-1618
>             Project: Sling
>          Issue Type: Bug
>          Components: JCR
>    Affects Versions: JCR Resource 2.0.8
>            Reporter: Felix Meschberger
>            Assignee: Felix Meschberger
>             Fix For: JCR Resource 2.0.8
>
>
> While switching the Commons Auth implementation to use the new 
> ResourceResolverFactory service instead of directly creating JCR sessions 
> (SLING-1534, Rev. 950104), the functionality to set the "impersonator" 
> session attribute on an impersonated session has been lost.
> This should be added again to the JcrResourceResolverFactoryImpl.handleSudo 
> method.
> In addition, copying over all of the Authentication Info parameters (except 
> any parameters whose name contains the word "password", particularly 
> "user.password") might also be added.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
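
The attribute-copying rule described in this message, as an added plain-Java example (not the Sling code from Rev. 980739 and not using Sling or JCR APIs). The method name, the boolean switch and the sample keys are assumptions; the two excluded keys and the "impersonator" name come from the message and the issue title. The switch contrasts the exact-name exclusion of the fix with the broader "name contains password" rule suggested in the issue description.

```java
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

public class ImpersonationAttributes {
    // Keys the resolution comment says are never copied.
    static final Set<String> EXCLUDED = Set.of("jcr.user.credentials", "user.password");
    // Attribute name taken from the issue title; the real constant may differ.
    static final String IMPERSONATOR = "impersonator";

    /** Builds the attributes for an impersonated session from the auth info map. */
    static Map<String, Object> sessionAttributes(Map<String, Object> authInfo,
                                                 String impersonatingUser,
                                                 boolean alsoDropPasswordLikeKeys) {
        Map<String, Object> attrs = new LinkedHashMap<>();
        for (Map.Entry<String, Object> e : authInfo.entrySet()) {
            String key = e.getKey();
            if (EXCLUDED.contains(key)) {
                continue; // exact-name exclusion described in the fix
            }
            // Broader rule from the issue description: any name containing "password".
            if (alsoDropPasswordLikeKeys
                    && key.toLowerCase(Locale.ROOT).contains("password")) {
                continue;
            }
            attrs.put(key, e.getValue());
        }
        // Set last so an auth info entry with the same name cannot override it.
        attrs.put(IMPERSONATOR, impersonatingUser);
        return attrs;
    }

    public static void main(String[] args) {
        // Constructed sample auth info; all values are made up for the example.
        Map<String, Object> authInfo = new LinkedHashMap<>();
        authInfo.put("user.name", "alice");
        authInfo.put("user.password", "constructed-secret".toCharArray());
        authInfo.put("jcr.user.credentials", new Object());
        authInfo.put("sso.password.hash", "constructed-value");
        authInfo.put("impersonator", "spoofed");

        // Exact-name rule only: "sso.password.hash" is still copied.
        System.out.println(sessionAttributes(authInfo, "admin", false));
        // With the broader rule, every key containing "password" is dropped.
        System.out.println(sessionAttributes(authInfo, "admin", true));
    }
}
```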
