[jira] [Commented] (SLING-2944) Replace administrative login by service-based login

Fri, 06 Sep 2013 02:38:22 -0700 

    [ 
https://issues.apache.org/jira/browse/SLING-2944?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13760085#comment-13760085
 ] 

Carsten Ziegeler commented on SLING-2944:
-----------------------------------------

I've removed the header stuff in rev 1520522
                
> Replace administrative login by service-based login
> ---------------------------------------------------
>
>                 Key: SLING-2944
>                 URL: https://issues.apache.org/jira/browse/SLING-2944
>             Project: Sling
>          Issue Type: New Feature
>          Components: API, JCR, ResourceResolver, Service User Mapper
>    Affects Versions: JCR Resource 2.2.8, JCR Jackrabbit Server 2.1.0, JCR 
> Base 2.1.2, JCR API 2.1.0, API 2.4.2, Resource Resolver 1.0.6
>            Reporter: Felix Meschberger
>            Assignee: Felix Meschberger
>             Fix For: Service User Mapper 1.0.0, Servlets Resolver 2.2.6, JCR 
> Resource 2.3.0, JCR Jackrabbit Server 2.2.0, JCR Base 2.1.4, JCR API 2.2.0, 
> File System Resource Provider 1.1.4, Extensions Bundleresource 2.1.4, API 
> 2.5.0, Resource Resolver 1.1.0
>
>         Attachments: serviceusermapper.tgz, SLING-2944.patch
>
>
> From the start Sling tried to solve the problem of providing services access 
> to the repository and resource tree without having to hard code and configure 
> any passwords. This was done first with the 
> SlingRepository.loginAdministrative and later with the 
> ResourceResolverFactory.getAdministrativeResourceResolver methods.
> Over time this mechanism proved to be the hammer to hit all nails. 
> Particularly these methods while truly useful have the disadvantage of 
> providing full administrative privileges to services where just some specific 
> kind of privilege would be enough.
> For example for the JSP compiler it would be enough to be able to read the 
> JSP source scripts and write the Java classes out to the JSP compiler's 
> target location. Other access is not required. Similarly to manage users user 
> management privileges are enough and no access to /content is really required.
> To solve this problem a new API for Service Authentication has been proposed 
> at https://cwiki.apache.org/confluence/display/SLING/Service+Authentication. 
> The prototype of which is implemented in 
> http://svn.apache.org/repos/asf/sling/whiteboard/fmeschbe/deprecate_login_administrative.
> This issue is about merging the prototype code back into trunk and thus fully 
> implementing the feature.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to