Hi, This is about SLING-5135, do people have ideas for identifying which usages of loginAdministrative are acceptable?
I'll need this for SLING-5355 for example, which creates users and sets access control. IMO the proper way to keep track of this is to keep the explanation why the programmer thinks it's ok to use loginAdministrative in the code, next to the "get admin session" call. Here's a suggested pattern that forces the caller to use a specific wrapper class to get an admin session: // This code needs an admin session, for a valid reason // which is spelled out in the SlingAdminSession constructor Session s = new SlingAdminSession(repository, "setting access control at Sling startup").getSession(); And we modify the existing loginAdministrative method to fail (when isDisableLoginAdministrative is true) unless it is called from SlingAdminSession, detected using Thread.currentThread().getStackTrace(). This allows for removing all loginAdministrative calls from our code, and easily checking that with grep. And also auditing with grep where "new style" admin sessions are used. We can then use a similar pattern for ResourceResolverFactory.getAdministrativeResourceResolver(), if we are still using this deprecated method. WDYT? -Bertrand
