Impersonating user

Question

Hi All,A user with Admin rights couldn't impersonate any users in AEM 6.1Is it a bug? Any possible solution to fix this up?

raghavc · Accepted Answer

@aswini If the user is an admin user then he will be able to impersonate any user. For any other user say A (even with Administrator group) should be added as an impersonator for user B(In http://localhost:4502/useradmin) for user A to impersonate User B.

Are you trying this with admin user or a user with Administrator group ?

pavrda · Answer

I'm refactoring some very old code where getAdministrativeResourceResolver is used.

There is a function that reads and creates content on behalf of another user. Impersonation is used for that purpose. But If I change getAdministrativeResourceResolver to getServiceResourceResolver even with service user that is member of administrators group, I'm not able to impersonate:

org.apache.sling.api.resource.LoginException: Impersonation not allowed.

Finally I found a workaround: impersonate service user to admin first and then impersonate admin to user:

Map<String,Object> authenticationInfo = new HashMap<String,Object>();
authenticationInfo.put(ResourceResolverFactory.USER_IMPERSONATION, "admin");
try (ResourceResolver adminResourceResolver = resourceResolverFactory.getServiceResourceResolver(authenticationInfo)) {
    Session adminSession = adminResourceResolver.adaptTo(Session.class);

    SimpleCredentials userCreds = new SimpleCredentials(username, new char[0]);
    Session userSession = adminSession.impersonate(userCreds);
    logger.info("impersonated user:" + userSession.getUserID());
} catch(Exception e) {
	logger.error("Cannot login", e);
}

It seems to work. But wouldn't be better to leave original deprecated getAdministrativeResourceResolver instead of such a ugly workaround?

What is the proper solution of this use case?

Thanks,

--- Jaroslav

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded