Hi Angela,
Thanks. So we would expect the caller to do the escaping, wouldn't we?
Best regards,
Manfred
On 4/3/2017 4:36 PM, Angela Schreiber wrote:
Hi
I don't know how Michael intended it to work originally. Given the fact
that the impersonation setup is established and evaluated using principals
I would expect it to be a principal name, which in the default
implementation just can be any string value.
Kind regards
Angela
On 03/04/17 16:14, "Manfred Baedke" <[email protected]> wrote:
Hi all,
Can anyone clarify the contract of the method
org.apache.jackrabbit.api.security.user.QueryBuilder.impersonate(String
name)?
According to the JavaDoc, the parameter is the "name of an
authorizable". But the interface
org.apache.jackrabbit.api.security.user.Authorizable doesn't have a
name, just an id and a principal (which in turn has a name).
If a principal name is expected here (which seems to be the case
according to the implementations), then it needs to be specified if the
caller has to do any necessary escaping: if the user in question is e.g.
an LDAP user, it's principal name may contain backslash characters.
Best regards,
Manfred
