Jackrabbit Content Repository
  1. Jackrabbit Content Repository
  2. JCR-2931

Compatibility issue if admin impersonates admin session

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Trivial Trivial
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.3
    • Component/s: jackrabbit-core, security
    • Labels:
      None

      Description

      in revision 1076596 in made some improvements in ImpersonationImpl removing the shortcut for "AdminPrincipal" which from my point of view is problematic.

      however, this introduced the following compatibility issue (detected by tom):
      while - according to my tests - a user is allowed to impersonate itself (jcr isn't totally clear about this but states that Session.impersonate is used to "[...] impersonate" another [...]" this was possible for the admin-user due to the shortcut mentioned above.

      in order not to break existing code relying on that special case, i would suggest to change the code accordingly.

        Activity

          People

          • Assignee:
            angela
            Reporter:
            angela
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development