[jira] [Created] (SLING-2325) SlingDavExServlet uses impersonation to get session. Doesn't work nicely if user doesn't have right to impersonate.

[Christanto (Created) (JIRA)]

SlingDavExServlet uses impersonation to get session. Doesn't work nicely if 
user doesn't have right to impersonate.
-------------------------------------------------------------------------------------------------------------------

                 Key: SLING-2325
                 URL: https://issues.apache.org/jira/browse/SLING-2325
             Project: Sling
          Issue Type: Bug
          Components: JCR
    Affects Versions: JCR DavEx 1.0.0
            Reporter: Christanto
            Priority: Blocker


SlingDavExServlet uses impersonation to get session. Doesn't work nicely if 
user doesn't have right to impersonate.
LoginException will be thrown: javax.jcr.LoginException: attempt to impersonate 
denied for <user>

Code excerpt from SlingDavExServlet:

final Session session = resolver.adaptTo(Session.class);
// as the session might be longer used by davex than the request
// we have to create a new session!
if ( session != null ) {
    final Credentials credentials = new SimpleCredentials(session.getUserID(), 
EMPTY_PW);
    final Session newSession = session.impersonate(credentials);
    return newSession;
}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira