Expand my Community achievements bar.

SOLVED

Impersonating user

Avatar

Level 1

Hi All,

A user with Admin rights couldn't impersonate any users in AEM 6.1

Is it a bug? Any possible solution to fix this up?

1 Accepted Solution

Avatar

Correct answer by
Level 5

@Aswini If the user is an admin user then he will be able to impersonate any user. For any other user say A (even with Administrator group) should be added as an impersonator for   user B(In http://localhost:4502/useradmin) for user A to impersonate User B.

 

Are you trying this with admin user or a user with Administrator group ?

View solution in original post

2 Replies

Avatar

Correct answer by
Level 5

@Aswini If the user is an admin user then he will be able to impersonate any user. For any other user say A (even with Administrator group) should be added as an impersonator for   user B(In http://localhost:4502/useradmin) for user A to impersonate User B.

 

Are you trying this with admin user or a user with Administrator group ?

Avatar

Level 4

I'm refactoring some very old code where getAdministrativeResourceResolver is used.

There is a function that reads and creates content on behalf of another user. Impersonation is used for that purpose. But If I change getAdministrativeResourceResolver to getServiceResourceResolver even with service user that is member of administrators group, I'm not able to impersonate:

 

org.apache.sling.api.resource.LoginException: Impersonation not allowed.

 

Finally I found a workaround: impersonate service user to admin first and then impersonate admin to user:

 

Map<String,Object> authenticationInfo = new HashMap<String,Object>();
authenticationInfo.put(ResourceResolverFactory.USER_IMPERSONATION, "admin");
try (ResourceResolver adminResourceResolver = resourceResolverFactory.getServiceResourceResolver(authenticationInfo)) {
    Session adminSession = adminResourceResolver.adaptTo(Session.class);

    SimpleCredentials userCreds = new SimpleCredentials(username, new char[0]);
    Session userSession = adminSession.impersonate(userCreds);
    logger.info("impersonated user:" + userSession.getUserID());
} catch(Exception e) {
	logger.error("Cannot login", e);
}

 

It seems to work. But wouldn't be better to leave original deprecated getAdministrativeResourceResolver instead of such a ugly workaround?

 

What is the proper solution of this use case?

 

Thanks,

--- Jaroslav