Dominique Jäggi created SLING-4624:
--------------------------------------

             Summary: Implement Subject-Support for Events, Preprocessors and Jobs
                 Key: SLING-4624
                 URL: https://issues.apache.org/jira/browse/SLING-4624
             Project: Sling
          Issue Type: Improvement
          Components: ResourceResolver
    Affects Versions: Resource Resolver 1.2.4
            Reporter: Dominique Jäggi


When processing events or jobs the corresponding session that triggered the 
event is usually lost. This leads to event handlers and job processors often 
using administrative sessions to do their work. As per the effort of 
eliminating all loginAdministrative use, there must be an alternative solution. 
The preferred approach to solve this problem:

* Pass a serialization of the event-causing Subject in the event payload, and 
create a ResourceResolver based on that subject (e.g. using JAAS doAsPrivileged 
in the ResourceResolverFactory).
** Pros: "Clean" implementation from a security POV. Avoids re-authentication. 
Operates with the original privileges. Security relevant code transparent to 
the consumer of the event.
** Cons: Needs refactoring. Security relevant code transparent to the consumer 
of the event (might also lead to problems).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
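
The approach proposed in the issue, sketched as an added example that is not part of the issue or of Sling's code: the producer serializes the JAAS Subject into the event payload, and the consumer restores it and runs its work under Subject.doAsPrivileged. The names SUBJECT_KEY, UserPrincipal, buildPayload and handle are hypothetical, a real consumer would obtain its ResourceResolver inside the action, and the code assumes a JDK where Subject.getSubject and AccessController are still supported (Java 8 through 17).

```java
import java.io.*;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;

public class SubjectEventDemo {
    // Hypothetical payload key, not a Sling constant.
    static final String SUBJECT_KEY = "event.subject";

    // Constructed serializable principal standing in for a repository user.
    static final class UserPrincipal implements Principal, Serializable {
        private static final long serialVersionUID = 1L;
        private final String name;
        UserPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    // Producer: serialize the event-causing Subject into the payload.
    // Only principals and the read-only flag are written; credential sets are transient.
    static Map<String, Object> buildPayload(Subject subject) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(subject);
        }
        Map<String, Object> payload = new HashMap<>();
        payload.put(SUBJECT_KEY, buf.toByteArray());
        return payload;
    }

    // Consumer: restore the Subject and do the work as that Subject, no admin session.
    // Assumption: the payload comes from a trusted, integrity-protected event channel;
    // a forged payload would otherwise let the sender choose the acting identity.
    static String handle(Map<String, Object> payload) throws IOException, ClassNotFoundException {
        Subject subject;
        byte[] raw = (byte[]) payload.get(SUBJECT_KEY);
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(raw))) {
            subject = (Subject) in.readObject();
        }
        return Subject.doAsPrivileged(subject, (PrivilegedAction<String>) () -> {
            // Code in here sees the original Subject through the access control context.
            Subject current = Subject.getSubject(AccessController.getContext());
            return current.getPrincipals().iterator().next().getName();
        }, null);
    }

    public static void main(String[] args) throws Exception {
        Subject s = new Subject();
        s.getPrincipals().add(new UserPrincipal("alice")); // constructed sample user
        s.setReadOnly(); // consumers cannot add principals to the restored Subject
        System.out.println(handle(buildPayload(s)));
    }
}
```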
