commit 5398c29f000782b9036cc46541c7b1d591473afb
author Karl Pauls <karlpauls@gmail.com> Tue Nov 14 15:59:39 2017 +0100
committer Karl Pauls <karlpauls@gmail.com> Tue Nov 14 15:59:39 2017 +0100
tree 4b5922b7a77a17e04f21c8368f49d5dac89295ec
parent 997c32793e7f2f3b739646a79ea86c949074de9c

SLING-6404: Remove loginAdministrative() usage from jcr.davex (patch provided by Angela Schreiber - thanks).

src/main/java/org/apache/sling/jcr/davex/impl/servlets/SlingDavExServlet.java

diff --git a/src/main/java/org/apache/sling/jcr/davex/impl/servlets/SlingDavExServlet.java b/src/main/java/org/apache/sling/jcr/davex/impl/servlets/SlingDavExServlet.java
index 9b3343c..04d1965 100644
--- a/src/main/java/org/apache/sling/jcr/davex/impl/servlets/SlingDavExServlet.java
+++ b/src/main/java/org/apache/sling/jcr/davex/impl/servlets/SlingDavExServlet.java
@@ -177,37 +177,20 @@
              * Creates a new session for the user of the slingSession in the
              * same workspace as the slingSession.
              * <p>
-             * Assumption: The admin session has permission to impersonate
-             * as any user without restriction. If this is not the case
-             * the Session.impersonate method throws a LoginException
-             * which is folded into a RepositoryException.
+             * Assumption: Every session can impersonate itself as it is defined by JCR 2.0.
              *
              * @param slingSession The session provided by the Sling
-             *            authentication mechanis,
+             *            authentication mechanism,
              * @return a new session which may (and will) outlast the request
-             * @throws RepositoryException If an error occurrs creating the
-             *             session.
+             * @throws RepositoryException If an error occurs creating the session.
              */
             private Session getLongLivedSession(final Session slingSession) throws RepositoryException {
-                Session adminSession = null;
                 final String user = slingSession.getUserID();
                 try {
                     final SimpleCredentials credentials = new SimpleCredentials(user, EMPTY_PW);
-                    final String wsp = slingSession.getWorkspace().getName();
-                    adminSession = SlingDavExServlet.this.repository.loginAdministrative(wsp);
-                    return adminSession.impersonate(credentials);
-                } catch (RepositoryException re) {
-
-                    // LoginException from impersonate (missing permission)
-                    // and RepositoryException from loginAdministrative and
-                    // impersonate folded into RepositoryException to
-                    // cause a 403/FORBIDDEN response
+                    return slingSession.impersonate(credentials);
+                } catch (Exception re) {
                     throw new RepositoryException("Cannot get session for " + user, re);
-
-                } finally {
-                    if (adminSession != null) {
-                        adminSession.logout();
-                    }
                 }
             }
         };