Hi Robert, According to https://sling.apache.org/documentation/the-sling-engine/resources.html#jcr-based-resources the key “user.impersonation” “...Must be combined with one of the other authentication info keys.” So I guess you need to add at least one other key to the AuthenticationInfo map (most probably a session). Otherwise Oak would not know from whose perspective you want to impersonate.
Konrad > On 4. Aug 2022, at 15:37, Robert Munteanu <[email protected]> wrote: > > Hi, > > For SLING-10844 [1] I am trying to add a feature to the resource > resolver console plugin which allows the map/resolve test to optionally > run as a specific user. > > The code I'm using is very simple > > Map<String, Object> authenticationInfo = new HashMap<>(); > authenticationInfo.put(ResourceResolverFactory.USER_IMPERSONATION, > user); > resolver = resolverFactory.getResourceResolver(authenticationInfo); > > A failure is thrown from Oak, even though I'm logging in as > admin/admin: > > Caused by: javax.security.auth.login.FailedLoginException: > Impersonation not allowed. > at > org.apache.jackrabbit.oak.security.user.UserAuthentication.checkSuccess > (UserAuthentication.java:186) > at > org.apache.jackrabbit.oak.security.user.UserAuthentication.authenticate > (UserAuthentication.java:126) > at > org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl. > authenticate(LoginModuleImpl.java:261) > at > org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl. > login(LoginModuleImpl.java:130) > at > org.apache.felix.jaas.boot.ProxyLoginModule.login(ProxyLoginModule.java > :52) > > (I've ommitted the full stack trace). > > Does anyone know whether I'm missing something from the code or if this > is a limitation of the web console? If it's a limitation, is there a > place where I can try and fix it? > > Thanks, > Robert > > [1]: https://issues.apache.org/jira/browse/SLING-10844
