Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

Impersonating user

Avatar

Level 1

Hi All,

A user with Admin rights couldn't impersonate any users in AEM 6.1

Is it a bug? Any possible solution to fix this up?

1 Accepted Solution

Avatar

Correct answer by
Level 5

@Aswini If the user is an admin user then he will be able to impersonate any user. For any other user say A (even with Administrator group) should be added as an impersonator for   user B(In http://localhost:4502/useradmin) for user A to impersonate User B.

 

Are you trying this with admin user or a user with Administrator group ?

View solution in original post

2 Replies

Avatar

Correct answer by
Level 5

@Aswini If the user is an admin user then he will be able to impersonate any user. For any other user say A (even with Administrator group) should be added as an impersonator for   user B(In http://localhost:4502/useradmin) for user A to impersonate User B.

 

Are you trying this with admin user or a user with Administrator group ?

Avatar

Level 4

I'm refactoring some very old code where getAdministrativeResourceResolver is used.

There is a function that reads and creates content on behalf of another user. Impersonation is used for that purpose. But If I change getAdministrativeResourceResolver to getServiceResourceResolver even with service user that is member of administrators group, I'm not able to impersonate:

 

org.apache.sling.api.resource.LoginException: Impersonation not allowed.

 

Finally I found a workaround: impersonate service user to admin first and then impersonate admin to user:

 

Map<String,Object> authenticationInfo = new HashMap<String,Object>();
authenticationInfo.put(ResourceResolverFactory.USER_IMPERSONATION, "admin");
try (ResourceResolver adminResourceResolver = resourceResolverFactory.getServiceResourceResolver(authenticationInfo)) {
    Session adminSession = adminResourceResolver.adaptTo(Session.class);

    SimpleCredentials userCreds = new SimpleCredentials(username, new char[0]);
    Session userSession = adminSession.impersonate(userCreds);
    logger.info("impersonated user:" + userSession.getUserID());
} catch(Exception e) {
	logger.error("Cannot login", e);
}

 

It seems to work. But wouldn't be better to leave original deprecated getAdministrativeResourceResolver instead of such a ugly workaround?

 

What is the proper solution of this use case?

 

Thanks,

--- Jaroslav