Felix Meschberger created SLING-2944:
----------------------------------------

             Summary: Replace administrative login by service-based login
                 Key: SLING-2944
                 URL: https://issues.apache.org/jira/browse/SLING-2944
             Project: Sling
          Issue Type: New Feature
          Components: API, JCR, ResourceResolver
    Affects Versions: Resource Resolver 1.0.6, API 2.4.2, JCR API 2.1.0, JCR Base 2.1.2, JCR Jackrabbit Server 2.1.0, JCR Resource 2.2.8
            Reporter: Felix Meschberger
            Assignee: Felix Meschberger
             Fix For: JCR Resource 2.2.10, JCR Jackrabbit Server 2.1.2, JCR Base 2.1.4, JCR API 2.1.2, API 2.4.4, Resource Resolver 1.0.8


From the start Sling tried to solve the problem of providing services access 
to the repository and resource tree without having to hard code and configure 
any passwords. This was done first with the 
SlingRepository.loginAdministrative and later with the 
ResourceResolverFactory.getAdministrativeResourceResolver methods.

Over time this mechanism proved to be the hammer to hit all nails. In particular, 
these methods, while truly useful, have the disadvantage of providing full 
administrative privileges to services where just some specific kind of 
privilege would be enough.

For example, for the JSP compiler it would be enough to be able to read the JSP 
source scripts and write the Java classes out to the JSP compiler's target 
location. Other access is not required. Similarly, to manage users, user 
management privileges are enough and no access to /content is really required.

To solve this problem, a new API for Service Authentication has been proposed at 
https://cwiki.apache.org/confluence/display/SLING/Service+Authentication, the 
prototype of which is implemented in 
http://svn.apache.org/repos/asf/sling/whiteboard/fmeschbe/deprecate_login_administrative.

This issue is about merging the prototype code back into trunk and thus fully 
implementing the feature.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
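
Added example, not part of the original message or of the Sling code base: the administrative login named in the issue beside a service-based login, using `getServiceResourceResolver` and `SUBSERVICE` as they exist in later Sling API releases. The class name, the subservice name `script-reader` and the user mapping it relies on are hypothetical; the Sling API jar is assumed to be on the classpath.

```java
import java.util.Collections;
import java.util.Map;

import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;

/** Hypothetical service that only needs to read script sources. */
public class ScriptSourceReader {

    // Hypothetical subservice name. The deployer maps
    // "<bundle symbolic name>:script-reader" to a repository user that
    // holds only the privileges this service needs (here: read on scripts).
    private static final String SUBSERVICE_NAME = "script-reader";

    // Must be the factory instance handed to *this* bundle by the OSGi
    // container: the calling bundle is part of the service identity.
    private final ResourceResolverFactory factory;

    public ScriptSourceReader(ResourceResolverFactory factory) {
        this.factory = factory;
    }

    /** Before: a plain existence check runs with full administrative privileges. */
    @SuppressWarnings("deprecation")
    public boolean existsAsAdmin(String path) throws LoginException {
        ResourceResolver resolver = factory.getAdministrativeResourceResolver(null);
        try {
            return resolver.getResource(path) != null;
        } finally {
            resolver.close();
        }
    }

    /** After: the same check, limited to what the mapped service user may see. */
    public boolean existsAsService(String path) throws LoginException {
        Map<String, Object> authInfo = Collections.<String, Object>singletonMap(
                ResourceResolverFactory.SUBSERVICE, SUBSERVICE_NAME);
        // Throws LoginException when no user is mapped for this bundle and
        // subservice, so a missing mapping fails closed instead of falling
        // back to an administrative session.
        ResourceResolver resolver = factory.getServiceResourceResolver(authInfo);
        try {
            return resolver.getResource(path) != null;
        } finally {
            resolver.close();
        }
    }
}
```

With the service login, a path outside the mapped user's read access resolves to `null` rather than being silently readable, which is the least-privilege behaviour the issue asks for.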