June 11, 2014

Adobe AEM 5.6.1: Changes to the Impersonation

by Andreas Schaefer

In the past few days I had to investigate how to manage impersonation, and it turns out that a lot has changed behind the scenes since 5.5; I am not 100% sure what and why. Here is a rundown of the changes I experienced and of how to manage impersonation programmatically using curl.

To recap: in 5.5, impersonation could be done by giving the impersonator access to parts of the impersonatoree's home folder. In 5.6.1 this is no longer the case; it is replaced by a property called rep:impersonators on the impersonatoree's node. In addition, the function addImpersonators on the user's home folder path + ".rw.html" is not working anymore (not sure if that worked in 5.5). Now one has to use memberAction and memberEntry on the user's home folder path.

The nasty thing about this is that one has to provide the complete list of all impersonators of the target user. In addition, only users can be added as impersonators and only users can be impersonatorees. Finally, the admin user is handled differently and does not need to be added to the list of impersonators; in fact, AEM will ignore admin. Any other administrator (member of the group administrators) still needs to be added as an impersonator if that is desired.

In order to add impersonators to an impersonatoree you need to do the following:

curl -u admin:admin -F"memberAction=sudoers" -F"memberEntry=impersonator" -F"memberEntry=impersonator2" http://localhost:4502/home/users/geometrixx/author

As you can see, I add the users impersonator and impersonator2 as impersonators of the user author from the Geometrixx example.

If you then did the following:

curl -u admin:admin -F"memberAction=sudoers" -F"memberEntry=impersonator3" http://localhost:4502/home/users/geometrixx/author

then author would only have impersonator3 as impersonator (if that user exists).

Attention: if an impersonator user does not exist, the call will still return a status code of 200 even though the impersonator was ignored. So it is advisable to check your changes after you are done.
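The read, merge, post and verify sequence this implies, as an added example that is not part of the original post: because each call replaces the whole list and a 200 does not prove an entry was stored, the script posts the existing impersonators plus the new ones and then re-reads rep:impersonators. The function names, the AEM_URL and AEM_CRED variables and reading the node through `.json` are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post). Assumption: the Sling default
# JSON rendering (<user path>.json) shows rep:impersonators as a JSON array.
AEM_URL="${AEM_URL:-http://localhost:4502}"
AEM_CRED="${AEM_CRED:-admin:admin}"

# Print one impersonator id per line from the JSON of a user node.
parse_impersonators() {
  printf '%s' "$1" | tr -d '\n' |
    sed -n 's/.*"rep:impersonators"[[:space:]]*:[[:space:]]*\[\([^]]*\)].*/\1/p' |
    tr ',' '\n' | sed 's/^[[:space:]]*"//; s/"[[:space:]]*$//; /^$/d'
}

# Union of two newline-separated id lists, sorted, without duplicates.
merge_ids() { printf '%s\n%s\n' "$1" "$2" | sed '/^$/d' | sort -u; }

# Print every id of list $1 that is absent from list $2.
missing_entries() {
  while IFS= read -r id; do
    [ -n "$id" ] || continue
    printf '%s\n' "$2" | grep -Fxq -- "$id" || printf '%s\n' "$id"
  done <<EOF
$1
EOF
}

# Fetch a user node and list its impersonators; fail if the read fails, so a
# failed read is never mistaken for an empty list.
read_impersonators() {
  body=$(curl -fsS -u "$AEM_CRED" "$AEM_URL$1.json") || return 1
  parse_impersonators "$body"
}

# Add ids to a user's impersonators while keeping the existing ones, then
# re-read the node and fail if AEM silently dropped any id despite the 200.
# Ids are assumed to contain no whitespace, commas or quotes.
add_impersonators() {
  path=$1; shift
  before=$(read_impersonators "$path") || return 1
  full=$(merge_ids "$before" "$(printf '%s\n' "$@")")
  set -- -F "memberAction=sudoers"
  for id in $full; do set -- "$@" -F "memberEntry=$id"; done
  curl -fsS -o /dev/null -u "$AEM_CRED" "$@" "$AEM_URL$path" || return 1
  after=$(read_impersonators "$path") || return 1
  lost=$(missing_entries "$full" "$after")
  [ -z "$lost" ] || { echo "not stored by AEM: $lost" >&2; return 1; }
}

# Usage: add_impersonators /home/users/geometrixx/author impersonator3
```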

Cheers – Andy