Posted to dev@sling.apache.org by "angela (JIRA)" <ji...@apache.org> on 2015/07/16 09:59:04 UTC
[jira] [Created] (SLING-4888) Add SlingRepository.impersonateFromService
angela created SLING-4888:
-----------------------------
Summary: Add SlingRepository.impersonateFromService
Key: SLING-4888
URL: https://issues.apache.org/jira/browse/SLING-4888
Project: Sling
Issue Type: New Feature
Components: JCR
Reporter: angela
As discussed before, it would be generally preferable to perform event-based with the original subject that triggered the event instead of using a clone of the privileged session that was used to register the event listener.
Using the original subject (instead of just using the privileged session) will ultimately always result in the same piece of code, which consists of
- {{SlingRepository.loginService}} or {{SlingRepository.loginAdministrative}} followed by
- {{Session.impersonate}} to obtain a session associated with the original subject
- {{Session.logout}} for the privileged session
- {{Session.logout}} for the impersonated session
To ease the usage of the original subject, which usually would be preferable from a security point of view, I would like to suggest introducing {{SlingRepository.impersonateFromService}}, which would not only reduce the total amount of code to be written but also help developers to move away from using {{loginAdministrative}}. Furthermore, an implementation may also take advantage of implementation details and avoid the duplicate authentication altogether.
Initial proposal of the API extension -> see attached patch
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
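
The four-step pattern listed in the message, written out as an added example; it is not part of the original message or of the attached patch. The class name, the sub service name "event-handler" and the handle method are hypothetical, and the code assumes the service user has been granted the right to impersonate the user that triggered the event.

```java
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import javax.jcr.observation.Event;
import javax.jcr.observation.EventIterator;
import javax.jcr.observation.EventListener;
import org.apache.sling.jcr.api.SlingRepository;

/** Hypothetical listener that handles each event as the user who caused it. */
public class OriginalSubjectListener implements EventListener {
    private static final Logger LOG = Logger.getLogger("OriginalSubjectListener");
    private static final String SUBSERVICE = "event-handler"; // assumed mapping name
    private final SlingRepository repository;

    public OriginalSubjectListener(SlingRepository repository) {
        this.repository = repository;
    }

    @Override
    public void onEvent(EventIterator events) {
        while (events.hasNext()) {
            Event event = events.nextEvent();
            try {
                // Step 1: privileged login (null selects the default workspace).
                Session service = repository.loginService(SUBSERVICE, null);
                Session user;
                try {
                    // Step 2: session bound to the original subject; no password is
                    // needed because the service session vouches for the user.
                    user = service.impersonate(
                            new SimpleCredentials(event.getUserID(), new char[0]));
                } finally {
                    service.logout(); // Step 3: drop the privileged session at once
                }
                try {
                    handle(event, user);
                } finally {
                    user.logout(); // Step 4: release the impersonated session
                }
            } catch (RepositoryException e) {
                LOG.log(Level.WARNING, "event handling failed", e);
            }
        }
    }

    // All reads and writes here are checked against the original user's permissions.
    private void handle(Event event, Session user) throws RepositoryException {
        String path = event.getPath();
        LOG.info(path + " visible to " + user.getUserID() + ": "
                + (path != null && user.itemExists(path)));
    }
}
```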