[ https://issues.apache.org/jira/browse/SLING-7613?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16547326#comment-16547326 ]
Jörg Hoh commented on SLING-7613: --------------------------------- I don't think that using open-scoped locked sessions is so commonly used. In the cases I saw in the last years, the Lock was never used (that means associated to a session) to unlock a node. Based on my experience the unlocking is always done based on the ownership. So I think that your statement is correct. But to unlock nodes without to rely on the ownership of the lock (or being the admin user), it would require a number of changes to all applications which use locking. And I don't think that it is always that easy to implement it there. > Remove deprecation of SlingRepository.loginAdministrative() > ----------------------------------------------------------- > > Key: SLING-7613 > URL: https://issues.apache.org/jira/browse/SLING-7613 > Project: Sling > Issue Type: New Feature > Components: API > Affects Versions: JCR API 2.4.0 > Reporter: Jörg Hoh > Assignee: Robert Munteanu > Priority: Major > Fix For: JCR API 2.4.2 > > Time Spent: 10m > Remaining Estimate: 0h > > There was a discussion on the Sling user list [1] about usecases which can > only be solved using the deprecated loginAdministrative() call. In the > context of Sling and Oak there are indeed a few cases which can be solved > best with a true admin session: > * locking and unlocking nodes which have been locked by a different user. > * at deployments resources/nodes are deployed at many locations inside the > repo, so you can either use an admin session or a system-user with an > equivalent set of permissions. > * the discussions leaves it open if the impersonation feature internally > relies on an admin session or can be achieved without it. > System users should be the preferred, but I would like to have an offical and > non-deprecated way to get an admin session in the API. It's ok if I need to > configure the explicit whitelisting as it is in place right now. But it > should be there. > Plus there should be proper documentation when to use which approach. > [1] > http://apache-sling.73963.n3.nabble.com/Deprecation-of-SlingRepository-loginAdministrative-td4081024.html -- This message was sent by Atlassian JIRA (v7.6.3#76005)