[NXP-2527] Fix security issue in local session - Nuxeo Issue Tracker

XML

Word

Printable

Upgrade notes:

Hide

This issue only applies to unit tests:
When test code needs to open a session with administrator, username must be added explicitely in session context when opening it. For instance:
// opening a system session
Framework.login();
RepositoryManager manager = Framework.getService(RepositoryManager.class);
Map<String, Serializable> context = new HashMap<String, Serializable>();
context.put("username", "system");
coreSession = manager.getRepository(repo).open(context);

Show
This issue only applies to unit tests: When test code needs to open a session with administrator, username must be added explicitely in session context when opening it. For instance: // opening a system session Framework.login(); RepositoryManager manager = Framework.getService(RepositoryManager.class); Map<String, Serializable> context = new HashMap<String, Serializable>(); context.put("username", "system"); coreSession = manager.getRepository(repo).open(context);

When creating a session without a principal, one named "Administrator" is used.