[JCR-2931] Compatibility issue if admin impersonates admin session - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Trivial
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.3
Component/s: jackrabbit-core, security
Labels:
None

Description

in revision 1076596 in made some improvements in ImpersonationImpl removing the shortcut for "AdminPrincipal" which from my point of view is problematic.

however, this introduced the following compatibility issue (detected by tom):
while - according to my tests - a user is allowed to impersonate itself (jcr isn't totally clear about this but states that Session.impersonate is used to "[...] impersonate" another [...]" this was possible for the admin-user due to the shortcut mentioned above.

in order not to break existing code relying on that special case, i would suggest to change the code accordingly.

Attachments

Activity

People

Assignee:: Angela Schreiber

Reporter:: Angela Schreiber

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 24/Mar/11 14:34

Updated:: 08/Nov/11 15:56

Resolved:: 24/Mar/11 18:52