[
https://issues.apache.org/jira/browse/OAK-2947?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14974584#comment-14974584
]
Alexander Klimetschek commented on OAK-2947:
--------------------------------------------
So you mean using the Subject.doAs stuff?
IMO we should keep such things in the repository layer and not complicate the
Sling service user "bindings" later any further. Which was really meant to map
between code (bundles) and a service user, but not really doing any
authentication or authorization itself. And it's always nice to be able to do
such stuff with the raw JCR/Jackrabbit APIs.
> Allow configured system user(s) to impersonate regular users
> ------------------------------------------------------------
>
> Key: OAK-2947
> URL: https://issues.apache.org/jira/browse/OAK-2947
> Project: Jackrabbit Oak
> Issue Type: New Feature
> Components: core
> Affects Versions: 1.2
> Reporter: angela
> Assignee: angela
> Attachments: OAK-2947.patch
>
>
> Based on some private discussion on how to implement a feature that allows a
> given subject to continue working on 'his' modifications after changes being
> persisted, we ([~djaeggi], [~chaotic] and [~anchela]) thought that it would
> be beneficial to have a configuration option in Oak that allows certain
> system users to impersonate regular users irrespective on the
> {{rep:impersonators}} properties present with those users.
> [~fmeschbe] additionally proposed to allow for a configuration that not only
> states the name(s) of the service users but also limits the sudo-rights to
> members of a certain group: for example the impersonation ability of a
> potential system user "impersonate-content-authors" could be limited to
> impersonate members of the "content-authors" group.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
