[ https://issues.apache.org/jira/browse/SLING-3854?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14098577#comment-14098577 ]
angela commented on SLING-3854: ------------------------------- wouldn't that have a negative impact on performance if you execute the validation for each call? i would just validate it upon registration and make that pluggable... e.g. with a ServiceUserValidator interface and with a reference in the mapper that can deal with multiple implementations... then people may also be able to use this concept with their custom login modules, their custom principal provider, their custom way of providing service users that may or may not be stored in the repository... specially with third party integrations i am not convinced that creating service users that then read third party credentials from the repository content is really a perfect setup... why shouldn't we be able in the future to make sure such a third party integration registers the service-user and provide it's private authentication mechanism and providing the service user with all information that is needed to deal with the third party integration... without having to store credentials in a place that is potentially not properly security, with an extra service user that need to be able to read these credentials and so forth... i didn't yet think about in all details but my gut feeling tells me that this should be easily extensible in the future... like we do nowadays with bundles that provide both a Sling AuthenticationHandler and a pluggable LoginModule that establish trust by using bundle private information. > Add configuration option to restrict service user mapper to system users > ------------------------------------------------------------------------ > > Key: SLING-3854 > URL: https://issues.apache.org/jira/browse/SLING-3854 > Project: Sling > Issue Type: Improvement > Components: Service User Mapper > Reporter: angela > > JCR-3802 introduces the concept of system users that distinct from regular > user accounts and never have a password set. the API extensions include to > following ability to discover if a given User is actually a system user: > {{User.isSystemUser}}. > It would be good if the service user mapping had a configuration option that > would restrict the mapping to dedicated service users i.e. to users which are > defined to be system users in case sling is running on a JCR repository that > implements jackrabbit API. -- This message was sent by Atlassian JIRA (v6.2#6252)