[jira] [Commented] (SLING-7613) Remove deprecation of SlingRepository.loginAdministrative()

[JIRA]

    [ 
https://issues.apache.org/jira/browse/SLING-7613?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16547326#comment-16547326
 ] 

Jörg Hoh commented on SLING-7613:
---------------------------------

I don't think that using open-scoped locked sessions is so commonly used. In 
the cases I saw in the last years, the Lock was never used (that means 
associated to a session) to unlock a node. Based on my experience the unlocking 
is always done based on the ownership.

So I think that your statement is correct. But to unlock nodes without to rely 
on the ownership of the lock (or being the admin user), it would require a 
number of changes to all applications which use locking. And I don't think that 
it is always that easy to implement it there.

> Remove deprecation of SlingRepository.loginAdministrative()
> -----------------------------------------------------------
>
>                 Key: SLING-7613
>                 URL: https://issues.apache.org/jira/browse/SLING-7613
>             Project: Sling
>          Issue Type: New Feature
>          Components: API
>    Affects Versions: JCR API 2.4.0
>            Reporter: Jörg Hoh
>            Assignee: Robert Munteanu
>            Priority: Major
>             Fix For: JCR API 2.4.2
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> There was a discussion on the Sling user list [1] about usecases which can 
> only be solved using the deprecated loginAdministrative() call. In the 
> context of Sling and Oak there are indeed a few cases which can be solved 
> best with a true admin session:
> * locking and unlocking nodes which have been locked by a different user.
> * at deployments resources/nodes are deployed at many locations inside the 
> repo, so you can either use an admin session or a system-user with an 
> equivalent set of permissions.
> * the discussions leaves it open if the impersonation feature internally 
> relies on an admin session or can be achieved without it.
> System users should be the preferred, but I would like to have an offical and 
> non-deprecated way to get an admin session in the API. It's ok if I need to 
> configure the explicit whitelisting as it is in place right now. But it 
> should be there.
> Plus there should be proper documentation when to use which approach.
> [1] 
> http://apache-sling.73963.n3.nabble.com/Deprecation-of-SlingRepository-loginAdministrative-td4081024.html



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)