[ https://issues.apache.org/jira/browse/SLING-4624?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14495932#comment-14495932 ]
Dominique Jäggi commented on SLING-4624:
----------------------------------------

added OAK-2772

> Implement Subject-Support for Events, Preprocessors and Jobs
> ------------------------------------------------------------
>
>                 Key: SLING-4624
>                 URL: https://issues.apache.org/jira/browse/SLING-4624
>             Project: Sling
>          Issue Type: Improvement
>          Components: ResourceResolver
>    Affects Versions: Resource Resolver 1.2.4
>            Reporter: Dominique Jäggi
>
> When processing events or jobs the corresponding session that triggered the
> event is usually lost. This leads to event handlers and job processors often
> using administrative sessions to do their work. As per the effort of
> eliminating all loginAdministrative use, there must be an alternative
> solution. The preferred approach to solve this problem:
> * Pass a serialization of the event-causing Subject in the event payload, and
> create a ResourceResolver based on that subject (e.g. using JAAS
> doAsPrivileged in the ResourceResolverFactory).
> ** Pros: "Clean" implementation from a security POV. Avoids
> re-authentication. Operates with the original privileges. Security relevant
> code transparent to the consumer of the event.
> ** Cons: Needs refactoring. Security relevant code transparent to the
> consumer of the event (might also lead to problems).
> Above approach is currently only partially implementable, as repository
> events may be swallowed due to oak compressing commits upon encountering
> certain loads, thus eliminating particular events or aggregating an event
> under a different user than the "sub-event".

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
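
The approach described in the issue (carry the event-causing Subject in the event payload and run the consumer under it with JAAS `doAsPrivileged` instead of an administrative session), sketched as an added example that is not code from the Sling project or from the reporter. The payload key, `NamedPrincipal`, `newEvent` and `handleAs` are hypothetical names, the event is modelled as a plain property map from a trusted in-process bus, and the `AccessController`-based Subject lookup assumes the Java 8-era JAAS API (deprecated in later JDKs).

```java
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.*;
import javax.security.auth.Subject;

public class SubjectEventDemo {
    // Hypothetical payload key (not a Sling or OSGi constant).
    static final String PRINCIPALS = "demo.subject.principals";

    // Minimal stand-in for a repository principal (hypothetical type).
    static final class NamedPrincipal implements Principal {
        private final String name;
        NamedPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
        @Override public boolean equals(Object o) {
            return o instanceof NamedPrincipal && ((NamedPrincipal) o).name.equals(name);
        }
        @Override public int hashCode() { return name.hashCode(); }
    }

    // Producer: record who caused the event instead of dropping that information.
    static Map<String, Object> newEvent(String path, Subject cause) {
        Map<String, Object> props = new HashMap<>();
        props.put("path", path);
        List<String> names = new ArrayList<>();
        for (Principal p : cause.getPrincipals()) names.add(p.getName());
        props.put(PRINCIPALS, names.toArray(new String[0]));
        return props;
    }

    // Consumer: rebuild a read-only Subject from the payload and run the handler as it.
    // Assumption: the payload comes from a trusted in-process event bus.
    static <T> T handleAs(Map<String, Object> event, PrivilegedAction<T> handler) {
        Object raw = event.get(PRINCIPALS);
        if (!(raw instanceof String[]) || ((String[]) raw).length == 0)
            throw new SecurityException("no subject in event; refusing administrative fallback");
        Set<Principal> principals = new HashSet<>();
        for (String n : (String[]) raw) principals.add(new NamedPrincipal(n));
        Subject s = new Subject(true, principals, Collections.emptySet(), Collections.emptySet());
        return Subject.doAsPrivileged(s, handler, null);
    }

    public static void main(String[] args) {
        Subject alice = new Subject();
        alice.getPrincipals().add(new NamedPrincipal("alice")); // constructed sample user
        Map<String, Object> event = newEvent("/content/page", alice);
        String who = handleAs(event, () -> Subject.getSubject(AccessController.getContext())
                .getPrincipals().iterator().next().getName());
        System.out.println("handler for " + event.get("path") + " ran as " + who);
    }
}
```

An event without the principals entry is rejected rather than handled with elevated rights, which is also what a consumer would see if commit compression swallowed or re-attributed the originating event.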