Hi Konrad, On Thu, 2022-08-04 at 16:45 +0200, Konrad Windszus wrote: > Hi Robert, > According to > https://sling.apache.org/documentation/the-sling-engine/resources.html#jcr-based-resources > the key “user.impersonation” “...Must be combined with one of the > other authentication info keys.” > So I guess you need to add at least one other key to the > AuthenticationInfo map (most probably a session). > Otherwise Oak would not know from whose perspective you want to > impersonate.
That works for me, thanks. I was able to look up the resource resolver associated with the authenticated user by looking it up at request.getAttribute(AuthenticationSupport.REQUEST_ATTRIBUTE_RESOLVER); which, AFAIU, is guaranteed to be set if the user is authenticated. Thanks, Robert > > Konrad > > > On 4. Aug 2022, at 15:37, Robert Munteanu <[email protected]> > > wrote: > > > > Hi, > > > > For SLING-10844 [1] I am trying to add a feature to the resource > > resolver console plugin which allows the map/resolve test to > > optionally > > run as a specific user. > > > > The code I'm using is very simple > > > > Map<String, Object> authenticationInfo = new HashMap<>(); > > authenticationInfo.put(ResourceResolverFactory.USER_IMPERSONATION, > > user); > > resolver = > > resolverFactory.getResourceResolver(authenticationInfo); > > > > A failure is thrown from Oak, even though I'm logging in as > > admin/admin: > > > > Caused by: javax.security.auth.login.FailedLoginException: > > Impersonation not allowed. > > at > > org.apache.jackrabbit.oak.security.user.UserAuthentication.checkSuc > > cess > > (UserAuthentication.java:186) > > at > > org.apache.jackrabbit.oak.security.user.UserAuthentication.authenti > > cate > > (UserAuthentication.java:126) > > at > > org.apache.jackrabbit.oak.security.authentication.user.LoginModuleI > > mpl. > > authenticate(LoginModuleImpl.java:261) > > at > > org.apache.jackrabbit.oak.security.authentication.user.LoginModuleI > > mpl. > > login(LoginModuleImpl.java:130) > > at > > org.apache.felix.jaas.boot.ProxyLoginModule.login(ProxyLoginModule. > > java > > :52) > > > > (I've ommitted the full stack trace). > > > > Does anyone know whether I'm missing something from the code or if > > this > > is a limitation of the web console? If it's a limitation, is there > > a > > place where I can try and fix it? > > > > Thanks, > > Robert > > > > [1]: https://issues.apache.org/jira/browse/SLING-10844 >
