Jörg Hoh created SLING-7613:
-------------------------------
Summary: Remove deprecation of
SlingRepository.loginAdministrative()
Key: SLING-7613
URL: https://issues.apache.org/jira/browse/SLING-7613
Project: Sling
Issue Type: New Feature
Components: ResourceResolver
Affects Versions: Resource Resolver 1.5.36
Reporter: Jörg Hoh
There was a discussion on the Sling user list [1] about usecases which can only
be solved using the deprecated loginAdministrative() call. In the context of
Sling and Oak there are indeed a few cases which can be solved best with a true
admin session:
* locking and unlocking nodes which have been locked by a different user.
* at deployments resources/nodes are deployed at many locations inside the
repo, so you can either use an admin session or a system-user with an
equivalent set of permissions.
* the discussions leaves it open if the impersonation feature internally relies
on an admin session or can be achieved without it.
System users should be the preferred, but I would like to have an offical and
non-deprecated way to get an admin session in the API. It's ok if I need to
configure the explicit whitelisting as it is in place right now. But it should
be there.
Plus there should be proper documentation when to use which approach.
[1]
http://apache-sling.73963.n3.nabble.com/Deprecation-of-SlingRepository-loginAdministrative-td4081024.html
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
