You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Carsten Ziegeler (JIRA)" <ji...@apache.org> on 2015/08/10 07:38:45 UTC
[jira] [Assigned] (SLING-4888) Add
SlingRepository.impersonateFromService
[ https://issues.apache.org/jira/browse/SLING-4888?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Carsten Ziegeler reassigned SLING-4888:
---------------------------------------
Assignee: Carsten Ziegeler
> Add SlingRepository.impersonateFromService
> ------------------------------------------
>
> Key: SLING-4888
> URL: https://issues.apache.org/jira/browse/SLING-4888
> Project: Sling
> Issue Type: New Feature
> Components: JCR
> Reporter: angela
> Assignee: Carsten Ziegeler
> Fix For: JCR Jackrabbit Server 2.3.0, JCR Base 2.3.0, JCR API 2.3.0, JCR Oak Server 1.0.0
>
> Attachments: SLING-4888.patch, SLING-4888_2.patch
>
>
> as discussed before it it would be generally preferable to perform event-based with the original subject that triggered the event instead of using a clone of the privileged session that was used to register the event listener.
> using the original subject (instead of just using the privileged session) will ultimately always results in the same piece of code which consists of
> - {{SlingRepository.loginService}} or {{SlingRepository.loginAdministrative}} followed by
> - {{Session.impersonate}} to obtain a session associated with the original subject
> - {{Session.logout}} for the privileged session
> - {{Session.logout}} for the impersonated session
> To ease the usage of the original subject, which usually would be preferable from a security point of view, I would like to suggest to introduce {{SlingRepository.impersonateFromService}}, which not only reduced the total amount of code to be written but also helped developers to move away from using {{loginAdministrative}}. Furthermore an implementation may also take advantage of implementation details and avoid the duplicate authentication altogether.
> Initial proposal of the API extension -> see attached patch
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)