Hi, On Mon, Nov 9, 2020 at 1:31 PM Julian Sedding <[email protected]> wrote: > ...In SLING-9874 I added an adapter factory to the XSS Protection API > module, which can adapt a SlingHttpServletRequest or a > ResourceResolver to an XSSAPI...
Although we've been doing such things in the past I don't think it's a good idea, as it's adapting a Request to <something different which is not a request>. IOW I think adaptation should, in general, only be used to convert between "different views of the same thing" which is not the case here. Converting a Sling Resource to a JCR Node for example is clearly "different views of the same thing", so ok from that perspective. I have the impression that there's an implicit consensus among several of us about this but we might want to document it better. Sorry that this lack of clarity is causing extra work for you. > ...Now, according to comments in SLING-9874 it seems that Konrad and Radu > are opposed to this adapter factory... Given the above comments I also prefer that you omit that adapter factory. I suppose the XSSAPI is an OSGi service, if that's the case there are other, better, less "magic" ways to acquire it. -Bertrand
