Posted to dev@sling.apache.org by "angela (JIRA)" <ji...@apache.org> on 2015/07/16 09:59:04 UTC

[jira] [Created] (SLING-4888) Add SlingRepository.impersonateFromService

angela created SLING-4888:
-----------------------------

             Summary: Add SlingRepository.impersonateFromService
                 Key: SLING-4888
                 URL: https://issues.apache.org/jira/browse/SLING-4888
             Project: Sling
          Issue Type: New Feature
          Components: JCR
            Reporter: angela


As discussed before, it would be generally preferable to perform event-based with the original subject that triggered the event instead of using a clone of the privileged session that was used to register the event listener.

Using the original subject (instead of just using the privileged session) will ultimately always result in the same piece of code, which consists of
- {{SlingRepository.loginService}} or {{SlingRepository.loginAdministrative}} followed by
- {{Session.impersonate}} to obtain a session associated with the original subject
- {{Session.logout}} for the privileged session
- {{Session.logout}} for the impersonated session

To ease the usage of the original subject, which usually would be preferable from a security point of view, I would like to suggest introducing {{SlingRepository.impersonateFromService}}, which would not only reduce the total amount of code to be written but also help developers to move away from using {{loginAdministrative}}. Furthermore, an implementation may also take advantage of implementation details and avoid the duplicate authentication altogether.

Initial proposal of the API extension -> see attached patch





--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
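
The four-step pattern listed in the issue, written out as an added example (not the attached patch and not Sling project code). The class name, the sub-service name "event-processing" and the visibility check are hypothetical, and it assumes the mapped service user is permitted to impersonate the event's user.

```java
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import javax.jcr.observation.Event;
import org.apache.sling.jcr.api.SlingRepository;

/** Hypothetical helper: evaluates an event with the original subject's permissions. */
public class OriginalSubjectCheck {

    // Hypothetical sub-service name; it must be mapped to a service user.
    private static final String SUB_SERVICE = "event-processing";

    private final SlingRepository repository;

    public OriginalSubjectCheck(SlingRepository repository) {
        this.repository = repository;
    }

    /** Returns true if the user who triggered the event can read the changed item. */
    public boolean visibleToOriginalSubject(Event event) throws RepositoryException {
        String userId = event.getUserID();
        String path = event.getPath();
        if (userId == null || path == null) {
            // No subject or path to evaluate (assumed possible for some events):
            // deny rather than fall back to the privileged session.
            return false;
        }

        // Step 1: privileged login through the service user.
        Session service = repository.loginService(SUB_SERVICE, null);
        Session user;
        try {
            // Step 2: obtain a session bound to the original subject.
            user = service.impersonate(new SimpleCredentials(userId, new char[0]));
        } finally {
            // Step 3: release the privileged session as soon as it is no longer needed.
            service.logout();
        }

        try {
            // All repository access now runs under the original subject's access control.
            return user.itemExists(path);
        } finally {
            // Step 4: release the impersonated session.
            user.logout();
        }
    }
}
```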