Details
- Bug
- Status: Resolved
- Major
- Resolution: Not A Problem
- 0.15
- None
- None
Description
Example:
systemSession = Subject.doAs(SystemSubject.INSTANCE, new PrivilegedExceptionAction<ContentSession>() {
    @Override
    public ContentSession run() throws LoginException, NoSuchWorkspaceException {
        return repository.login(null, null);
    }
});
Produces a session with no permissions.
I think there are 2 issues:
1. Pre-Authenticated logins do not set an AuthInfo to the public credentials of the Subject.
2. The AbstractAccessControlManager uses the AuthInfo.getPrincipals() to retrieve them. IMO, the principals should always match those of the subject and be retrieved from there.
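
A JDK-only model of the mismatch the report describes, added here as an illustration and not Oak's code: `AuthInfoStub`, `NamedPrincipal`, `fromAuthInfo` and `fromSubject` are hypothetical stand-ins for an AuthInfo public credential and the two ways of resolving a session's principals.

```java
import java.security.Principal;
import java.util.Collections;
import java.util.Set;
import javax.security.auth.Subject;

public class PreAuthPrincipalsDemo {

    // Hypothetical principal type for the constructed sample below.
    static final class NamedPrincipal implements Principal {
        private final String name;
        NamedPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    // Hypothetical stand-in for an AuthInfo-like public credential (not Oak's class).
    static final class AuthInfoStub {
        final Set<Principal> principals;
        AuthInfoStub(Set<Principal> principals) { this.principals = principals; }
    }

    // Lookup A: principals are read from an AuthInfo-like public credential.
    static Set<Principal> fromAuthInfo(Subject subject) {
        Set<AuthInfoStub> infos = subject.getPublicCredentials(AuthInfoStub.class);
        return infos.isEmpty() ? Collections.<Principal>emptySet()
                               : infos.iterator().next().principals;
    }

    // Lookup B: principals are read from the Subject itself.
    static Set<Principal> fromSubject(Subject subject) {
        return subject.getPrincipals();
    }

    public static void main(String[] args) {
        // Constructed sample: a pre-authenticated Subject that carries a
        // principal but has no AuthInfo among its public credentials.
        Subject preAuth = new Subject(false,
                Collections.singleton(new NamedPrincipal("system")),
                Collections.emptySet(), Collections.emptySet());

        System.out.println("A, no AuthInfo set: " + fromAuthInfo(preAuth).size()); // 0
        System.out.println("B, from Subject:    " + fromSubject(preAuth).size());  // 1

        // Once the login path publishes an AuthInfo, both lookups agree.
        preAuth.getPublicCredentials().add(new AuthInfoStub(preAuth.getPrincipals()));
        System.out.println("A, AuthInfo set:    " + fromAuthInfo(preAuth).size()); // 1
    }
}
```

An access-control check built on lookup A evaluates an empty principal set for the pre-authenticated Subject, which is the "session with no permissions" outcome in this model.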