Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
Read More & Register today!
SOLVED

Impersonating user

Avatar

Level 1
Level 1
6/29/17 8:42:20 AM

Hi All,

A user with Admin rights couldn't impersonate any users in AEM 6.1

Is it a bug? Any possible solution to fix this up?

Views

1.0K

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 5
Level 5
7/1/20 2:17:03 PM

@Aswini If the user is an admin user then he will be able to impersonate any user. For any other user say A (even with Administrator group) should be added as an impersonator for   user B(In http://localhost:4502/useradmin) for user A to impersonate User B.

 

Are you trying this with admin user or a user with Administrator group ?

View solution in original post

Views

754

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
2 Replies

Avatar

Correct answer by
Level 5
Level 5
7/1/20 2:17:03 PM

@Aswini If the user is an admin user then he will be able to impersonate any user. For any other user say A (even with Administrator group) should be added as an impersonator for   user B(In http://localhost:4502/useradmin) for user A to impersonate User B.

 

Are you trying this with admin user or a user with Administrator group ?

Views

755

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 4
Level 4
8/24/22 1:04:38 AM

I'm refactoring some very old code where getAdministrativeResourceResolver is used.

There is a function that reads and creates content on behalf of another user. Impersonation is used for that purpose. But If I change getAdministrativeResourceResolver to getServiceResourceResolver even with service user that is member of administrators group, I'm not able to impersonate:

 

org.apache.sling.api.resource.LoginException: Impersonation not allowed.

 

Finally I found a workaround: impersonate service user to admin first and then impersonate admin to user:

 

Map<String,Object> authenticationInfo = new HashMap<String,Object>();
authenticationInfo.put(ResourceResolverFactory.USER_IMPERSONATION, "admin");
try (ResourceResolver adminResourceResolver = resourceResolverFactory.getServiceResourceResolver(authenticationInfo)) {
    Session adminSession = adminResourceResolver.adaptTo(Session.class);

    SimpleCredentials userCreds = new SimpleCredentials(username, new char[0]);
    Session userSession = adminSession.impersonate(userCreds);
    logger.info("impersonated user:" + userSession.getUserID());
} catch(Exception e) {
	logger.error("Cannot login", e);
}

 

It seems to work. But wouldn't be better to leave original deprecated getAdministrativeResourceResolver instead of such a ugly workaround?

 

What is the proper solution of this use case?

 

Thanks,

--- Jaroslav

 

Views

560

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
AEM Cloud, impersonate user Solved

Views

299

Likes

0

Replies

7
AEM Users: Which Third-Party Tool Do You Prefer - Veracode, Snyk, or Others ? Solved

Views

126

Likes

0

Replies

4
Access rights for folders based on users Solved

Views

127

Likes

0

Replies

1
Check if user has replicate rights through java code Solved

Views

249

Likes

0

Replies

3
AEM Workflow to return multiple groups and users in a Participant Step Chooser Solved

Views

366

Likes

0

Replies

7