kwin commented on code in PR #78:
URL: 
https://github.com/apache/sling-org-apache-sling-resourceresolver/pull/78#discussion_r939879452


##########
src/main/java/org/apache/sling/resourceresolver/impl/console/ResourceResolverWebConsolePlugin.java:
##########
@@ -160,14 +169,22 @@ protected void doGet(final HttpServletRequest request,
                         + "clearly marked, and the others listed for 
completeness.");
 
         pw.println("<tr class='content'>");
-        pw.println("<td class='content'>Test</td>");
         pw.print("<td class='content' colspan='2'>");
-        pw.print("<form method='post'>");
+        pw.println("<form method='post'>");
+        pw.print("Test ");
         pw.print("<input type='text' name='" + ATTR_TEST + "' value='");
         if (test != null) {
             pw.print(ResponseUtil.escapeXml(test));
         }
-        pw.println("' class='input' size='50'>");
+        pw.println("' class='input' size='20'>");
+        pw.print("User (optional)");
+        pw.print("<input type='text' name='" + ATTR_USER + "' value='");

Review Comment:
   Maybe add a hint that this does only work/has an effect on resources 
resolved by the JCR resource provider.



##########
src/main/java/org/apache/sling/resourceresolver/impl/console/ResourceResolverWebConsolePlugin.java:
##########
@@ -255,19 +278,42 @@ protected void doPost(HttpServletRequest request,
         // finally redirect
         final String path = request.getContextPath() + request.getServletPath()
         + request.getPathInfo();
-        final String redirectTo;
+        String redirectTo;
         if (msg == null) {
             redirectTo = path;
         } else {
             redirectTo = path + '?' + PAR_MSG + '=' + encodeParam(msg) + '&'
                     + PAR_TEST + '=' + encodeParam(test);
+                if ( user != null && user.length() > 0 ) {
+                    redirectTo += '&' + PAR_USER + '=' + encodeParam(user);
+                }
         }
         response.sendRedirect(redirectTo);
     }
 
+    private ResourceResolver 
getImpersonatedResourceResolver(HttpServletRequest request, final String user)
+            throws LoginException {
+
+        // resolver is set by the auth.core bundle in case of successful 
authentication, so it should
+        // always be there
+        Object resolverAttribute = 
request.getAttribute(AuthenticationSupport.REQUEST_ATTRIBUTE_RESOLVER);

Review Comment:
   Shouldn't this rather be based on service resource resolver as well to make 
it work with all web console security providers?



##########
src/main/java/org/apache/sling/resourceresolver/impl/console/ResourceResolverWebConsolePlugin.java:
##########
@@ -255,19 +278,42 @@ protected void doPost(HttpServletRequest request,
         // finally redirect
         final String path = request.getContextPath() + request.getServletPath()
         + request.getPathInfo();
-        final String redirectTo;
+        String redirectTo;
         if (msg == null) {
             redirectTo = path;
         } else {
             redirectTo = path + '?' + PAR_MSG + '=' + encodeParam(msg) + '&'
                     + PAR_TEST + '=' + encodeParam(test);
+                if ( user != null && user.length() > 0 ) {
+                    redirectTo += '&' + PAR_USER + '=' + encodeParam(user);
+                }
         }
         response.sendRedirect(redirectTo);
     }
 
+    private ResourceResolver 
getImpersonatedResourceResolver(HttpServletRequest request, final String user)
+            throws LoginException {
+
+        // resolver is set by the auth.core bundle in case of successful 
authentication, so it should
+        // always be there
+        Object resolverAttribute = 
request.getAttribute(AuthenticationSupport.REQUEST_ATTRIBUTE_RESOLVER);
+        if ( !(resolverAttribute instanceof ResourceResolver) ) {
+            throw new IllegalArgumentException("No " + 
ResourceResolver.class.getSimpleName() + " found in request, unable to proceed 
with impersonation");
+        }
+
+        @SuppressWarnings("resource") // not a leak, we don't own this resolver
+        ResourceResolver currentResolver = (ResourceResolver) 
resolverAttribute;
+
+        Map<String, Object> authenticationInfo = new HashMap<>();
+        authenticationInfo.put(ResourceResolverFactory.USER_IMPERSONATION, 
user);
+        
authenticationInfo.put(JcrResourceConstants.AUTHENTICATION_INFO_SESSION, 
currentResolver.adaptTo(Session.class));

Review Comment:
   This adaptTo may return null in case JCR resource provider is not used, a 
null check is necessary here.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to