How to set rep:impersonators property on a user

rajeev_yadav

31-01-2019

Hi All,

I am using AEM 6.3 and I have a use case where User A needs to be set up as an impersonator of user B using API code. To achieve this, I need to set the rep:impersonators property on user B.

I have tried a couple of options, but none of them seems to set this property on the user:

1. Added User A to the user-administrators group and then tried to call the grantimpersonators method on user B using user A, but it always returns false.

2. Created a system user, added it to the users-administrators group, and then, using the user session, tried to set the rep:impersonators property on user B. But this also does not work.

Can you please assist with how I can set up the impersonators property on any user using the API, and what the prerequisites are for adding this property successfully?

Thanks,
Rajeev

Accepted Solutions (0)

Answers (6)

Jörg_Hoh

Employee

03-02-2019

There are no further prerequisites to use this API.

rajeev_yadav

01-02-2019

@Jörg Hoh:

Also, the currently logged-in user is canImpersonate, and I want to set up the impersonation property on jrUser.

canImpersonate is a member of user-administrators, which means this user has all the rights to update users/groups.

Thanks,

Rajeev

rajeev_yadav

01-02-2019

@Jörg Hoh

Thank you for the details.

Does jrUser need any specific permissions in the repository in order to successfully grant the impersonation right to canImpersonate?

Jörg_Hoh

Employee

01-02-2019

The JCR standard does not provide this feature, but the Jackrabbit implementation does.

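import org.apache.jackrabbit.api.JackrabbitSession;

import org.apache.jackrabbit.api.security.user.Impersonation;

import org.apache.jackrabbit.api.security.user.User;

User canImpersonate = ...

// javax.jcr.Session has no getUser(); resolve the session's own user through the UserManager

User jrUser = (User) ((JackrabbitSession) session).getUserManager().getAuthorizable(session.getUserID());

Impersonation impersonation = jrUser.getImpersonation();

// grantImpersonation() takes a Principal, not a User

impersonation.grantImpersonation(canImpersonate.getPrincipal());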

User (Apache Jackrabbit 2.18.0 API)
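
An added example, not part of the post above and not Adobe's or Jackrabbit's own code: a helper that performs the grant through the Jackrabbit user API, persists it, and reads the impersonator list back so the result can be checked and logged. The class and method names are hypothetical, and `adminSession` is assumed to be a Jackrabbit session that can read both users and modify the target user.

```java
import java.security.Principal;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Impersonation;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;

/** Hypothetical helper class; not part of AEM or Jackrabbit. */
public final class ImpersonationGrant {

    /** Resolves an ID to a User, rejecting unknown IDs and groups. */
    private static User requireUser(UserManager um, String id) throws RepositoryException {
        Authorizable a = um.getAuthorizable(id);
        if (a == null || a.isGroup()) {
            throw new IllegalArgumentException("Not a user: " + id);
        }
        return (User) a;
    }

    /**
     * Allows impersonatorId to impersonate targetId.
     * Returns true if the impersonator is listed on the target after the call,
     * whether it was added now or had been granted earlier.
     */
    public static boolean grant(Session adminSession, String impersonatorId, String targetId)
            throws RepositoryException {
        // Assumption: the session is backed by Jackrabbit, so the cast succeeds.
        UserManager um = ((JackrabbitSession) adminSession).getUserManager();
        Principal impersonator = requireUser(um, impersonatorId).getPrincipal();
        Impersonation impersonation = requireUser(um, targetId).getImpersonation();

        // false means the list was not changed by this call.
        boolean changed = impersonation.grantImpersonation(impersonator);
        if (changed && !um.isAutoSave()) {
            adminSession.save(); // the grant is transient until the session is saved
        }
        // Read the list back so the effective set of impersonators can be audited.
        boolean listed = false;
        for (PrincipalIterator it = impersonation.getImpersonators(); it.hasNext();) {
            listed |= impersonator.getName().equals(it.nextPrincipal().getName());
        }
        return listed;
    }
}
```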

rajeev_yadav

01-02-2019

smacdonald2008: Below are the 3 options that we tried:

Scenario 1:

Boolean checkImpersonated = userB.getImpersonation().grantImpersonation(userA.getPrincipal());

//always returns false.

Scenario 2:

Value userAuthorizableId = session.getValueFactory().createValue(userSession.getUserID(), PropertyType.STRING);

User userB = (User) userManager.getAuthorizable(impersonateUser);

userB.setProperty("rep:impersonators", impersonator);

session

Scenario 3:

String[] impersonators = {"user1@test.com", "test2@test.com"};

Authorizable auth = userManager.getAuthorizable(userBId);

Node authNode = session.getNode(auth.getPath());

authNode.setProperty("rep:impersonators", impersonators);

session.save();

smacdonald2008

01-02-2019

What API are you using to perform this use case?