Hi All,
A user with Admin rights couldn't impersonate any users in AEM 6.1
Is it a bug? Any possible solution to fix this up?
Solved! Go to Solution.
Views
Replies
Total Likes
@Aswini If the user is an admin user then he will be able to impersonate any user. For any other user say A (even with Administrator group) should be added as an impersonator for user B(In http://localhost:4502/useradmin) for user A to impersonate User B.
Are you trying this with admin user or a user with Administrator group ?
@Aswini If the user is an admin user then he will be able to impersonate any user. For any other user say A (even with Administrator group) should be added as an impersonator for user B(In http://localhost:4502/useradmin) for user A to impersonate User B.
Are you trying this with admin user or a user with Administrator group ?
I'm refactoring some very old code where getAdministrativeResourceResolver is used.
There is a function that reads and creates content on behalf of another user. Impersonation is used for that purpose. But If I change getAdministrativeResourceResolver to getServiceResourceResolver even with service user that is member of administrators group, I'm not able to impersonate:
org.apache.sling.api.resource.LoginException: Impersonation not allowed.
Finally I found a workaround: impersonate service user to admin first and then impersonate admin to user:
Map<String,Object> authenticationInfo = new HashMap<String,Object>(); authenticationInfo.put(ResourceResolverFactory.USER_IMPERSONATION, "admin"); try (ResourceResolver adminResourceResolver = resourceResolverFactory.getServiceResourceResolver(authenticationInfo)) { Session adminSession = adminResourceResolver.adaptTo(Session.class); SimpleCredentials userCreds = new SimpleCredentials(username, new char[0]); Session userSession = adminSession.impersonate(userCreds); logger.info("impersonated user:" + userSession.getUserID()); } catch(Exception e) { logger.error("Cannot login", e); }
It seems to work. But wouldn't be better to leave original deprecated getAdministrativeResourceResolver instead of such a ugly workaround?
What is the proper solution of this use case?
Thanks,
--- Jaroslav
Views
Replies
Total Likes
Views
Likes
Replies