[ 
https://issues.apache.org/jira/browse/SLING-3899?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14136926#comment-14136926
 ] 

Marius Petria commented on SLING-3899:
--------------------------------------

The proposal means that each API (agent, importer, exporter) should take a 
ResourceResolver and use it to access content.

This is easy to implement for blocking APIs (importer, exporter) as they access 
the repository before the operation is finished. For non-blocking APIs (like 
agent) that might use multiple queues until finishing an operation, the 
postponed executions cannot be executed in the context of the initial resource 
resolver.

We face a choice here:

1. Keep the API as it is (no ResourceResolver) and access content with 
configurable system users
2. Use the ResourceResolver and serialize the subject in jobs such that even in 
job handlers the actions are done using the original user credentials.





> Access content for replication on behalf of the user that triggered the 
> replication
> -----------------------------------------------------------------------------------
>
>                 Key: SLING-3899
>                 URL: https://issues.apache.org/jira/browse/SLING-3899
>             Project: Sling
>          Issue Type: Improvement
>          Components: Replication
>            Reporter: Marius Petria
>
> Currently the content is accessed via an administrative session. We need to 
> pass a ResourceResolver via all APIs to ensure that the content is accessed 
> only by users that have the right.
> For rule triggered requests the actions should be done on behalf of a 
> replication-service-user.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
