[
https://issues.apache.org/jira/browse/SLING-4624?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14495909#comment-14495909
]
Carsten Ziegeler commented on SLING-4624:
-----------------------------------------
The problem is that with Oak the subject info is not guaranteed to be
available. So I think this requires first support in Oak to always provide this
information.
> Implement Subject-Support for Events, Preprocessors and Jobs
> ------------------------------------------------------------
>
> Key: SLING-4624
> URL: https://issues.apache.org/jira/browse/SLING-4624
> Project: Sling
> Issue Type: Improvement
> Components: ResourceResolver
> Affects Versions: Resource Resolver 1.2.4
> Reporter: Dominique Jäggi
>
> When processing events or jobs the corresponding session that triggered the
> event is usually lost. This leads to event handlers and job processors often
> using administrative sessions to do their work. As per the effort of
> eliminating all loginAdministrative use, there must be an alternative
> solution. The preferred approach to solve this problem:
> * Pass a serialization of the event-causing Subject in the event payload, and
> create a ResourceResolver based on that subject (e.g. using JAAS
> doAsPrivileged in the ResourceResolverFactory).
> ** Pros: "Clean" implementation from a security POV. Avoids
> re-authentication. Operates with the original privileges. Security relevant
> code transparent to the consumer of the event.
> ** Cons: Needs refactoring. Security relevant code transparent to the
> consumer of the event (might also lead to problems).
> Above approach is currently only partially implementable, as repository
> events may be swallowed due to Oak compressing commits upon encountering
> certain loads, thus eliminating particular events or aggregating an event
> under a different user than the "sub-event".