Hi All,
I am using AEM 6.3 & I have a use case where User A needs to be setup as impersonator on user B using api code. In order to achieve this, I need to setup rep:impersonators property on user B.
I have tried couple of options but none of these seems to be setting this property on user:
1. Added User A to user-administrators group and then tried to call grantimpersonators method on user B using user A but it always returns false.
2. Created a system user and added it to users-administrators group and then using user session tried to set rep:impersonators property on user B. But this also does not work
Can you please assist on how can I setup the impersonators property on any user using api and what are the prerequisites in order to be able to add this property successfully.
THanks,
Rajeev
Views
Replies
Total Likes
WHat API are you using to perform this use case?
Views
Replies
Total Likes
smacdonald2008: Below are the 3 options that we tried:
Scenario 1:
Boolean checkImpersonated = userB.getImpersonation().grantImpersonation(userA.getPrincipal());
//always returns false.
Scenario 2:
Value userAuthorizableId=session.getValueFactory().createValue(userSession.getUserID(), PropertyType.STRING);
User userB=(User) userManager.getAuthorizable(impersonateUser);
userB.setProperty("rep:impersonators", impersonator);
session
Scenario 3:
String impersonators = {“user1@test.com”,”test2@test.com”};
Authorizable auth = userManager.getAuthorizable(userBId);
Node authNode = session.getNode(auth.getPath());
Views
Replies
Total Likes
The JCR standard does not provide this feature, but the Jackrabbit implementation does.
import org.apache.jackrabbit.api.security.user.User;
User canImpersonate = ...
User jrUser = (User) session.getUser();
Impersonation impersonation = jrUser.getImpersonation();
impersonation.grantImpersonation (canImpersonate);
Views
Replies
Total Likes
Thank you for the details.
Does jrUser needs any specific permissions in repository in order to successfully grant impersonation right to canImpersonate?
Views
Replies
Total Likes
Also current logged in user is canImpersonate and I want to setup the impersonation property on jrUser.
canImpersonate is a member of user-adminsitrations which means this user has all the rights to update user/groups.
Thanks,
Rajeev
Views
Replies
Total Likes
There are no further prequisites to use this API.
Views
Replies
Total Likes