[
https://issues.apache.org/jira/browse/SLING-4888?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14629396#comment-14629396
]
angela edited comment on SLING-4888 at 7/16/15 8:04 AM:
--------------------------------------------------------
[~cziegeler], [~chaotic], as discussed; i would be glad if you could take a
look at the proposed patch. in addition to our discussion yesterday, i decided
to not use a user identifier as parameter but rather use the generic
{{Credentials}} as it is required by {{Session.impersonate}}, which may or may
not include a user id; this would not only allow the API caller to use
different credentials implementations but possibly also allow to specify
additional attributes.
was (Author: anchela):
[~cziegeler], [~chaotic], as discussed; i would be glad if you could take a
look at the proposed patch.
> Add SlingRepository.impersonateFromService
> ------------------------------------------
>
> Key: SLING-4888
> URL: https://issues.apache.org/jira/browse/SLING-4888
> Project: Sling
> Issue Type: New Feature
> Components: JCR
> Reporter: angela
> Attachments: SLING-4888.patch
>
>
> as discussed before it it would be generally preferable to perform
> event-based with the original subject that triggered the event instead of
> using a clone of the privileged session that was used to register the event
> listener.
> using the original subject (instead of just using the privileged session)
> will ultimately always results in the same piece of code which consists of
> - {{SlingRepository.loginService}} or {{SlingRepository.loginAdministrative}}
> followed by
> - {{Session.impersonate}} to obtain a session associated with the original
> subject
> - {{Session.logout}} for the privileged session
> - {{Session.logout}} for the impersonated session
> To ease the usage of the original subject, which usually would be preferable
> from a security point of view, I would like to suggest to introduce
> {{SlingRepository.impersonateFromService}}, which not only reduced the total
> amount of code to be written but also helped developers to move away from
> using {{loginAdministrative}}. Furthermore an implementation may also take
> advantage of implementation details and avoid the duplicate authentication
> altogether.
> Initial proposal of the API extension -> see attached patch
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
