The Javadoc documentation of Session.impersonate says: "Allows the current user to impersonate another...". Could this be changed to "Allows the current user to impersonate a user..." or "another or the same user..."?
I currently use this method to clone a session ('impersonate myself') using:
session.impersonate(new SimpleCredentials(session.getUserID(), "".toCharArray()));
Of course it's a somewhat sneaky way to clone a session, but there is no other API (there is no session.clone). Of course, instead of cloning a session, I could open a new session, but in that case I would have to keep the credentials, which is a security problem (I would like to clear the password field).
I don't immediately see a reason why impersonating myself should be disallowed in general, if the session has the required access rights. Technically, it's already possible to define two users that can impersonate each other.
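The pattern described in this message, written out as an added example that is not part of the original post or of the JCR API: log in once, wipe the password, and later obtain a second session through self-impersonation. The class and method names are hypothetical, and the example assumes the repository permits a user to impersonate itself, which is the question the post raises.

```java
import java.util.Arrays;
import javax.jcr.LoginException;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;

/** Hypothetical helper (illustration only, not part of the JCR API). */
public final class SessionCloner {

    private SessionCloner() {
    }

    /** Logs in, then clears the password so it is not retained after login. */
    public static Session loginAndWipe(Repository repository, String userId,
            char[] password) throws RepositoryException {
        SimpleCredentials credentials = new SimpleCredentials(userId, password);
        try {
            return repository.login(credentials);
        } finally {
            // Clear the array held by the credentials object and the caller's
            // array, whether or not the login succeeded.
            Arrays.fill(credentials.getPassword(), '\0');
            Arrays.fill(password, '\0');
        }
    }

    /** Opens a second session for the same user without needing the password. */
    public static Session cloneSession(Session session) throws RepositoryException {
        // Same call as in the post: the current user ID with an empty password.
        SimpleCredentials self =
                new SimpleCredentials(session.getUserID(), new char[0]);
        try {
            return session.impersonate(self);
        } catch (LoginException e) {
            // Session.impersonate throws LoginException when the current session
            // lacks sufficient access; a repository that refuses
            // self-impersonation is assumed to report it the same way.
            throw new LoginException("Repository refused self-impersonation for '"
                    + session.getUserID() + "'", e);
        }
    }
}
```

Each session returned by cloneSession must be closed with logout() independently of the original session.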