Bertrand Delacretaz wrote > Hi, > > On Tue, Dec 29, 2015 at 10:10 AM, Carsten Ziegeler <[email protected]> > wrote: >> I don't understand what makes grepping for SlingAdminSession easier than >> grepping for loginAdministrative? > > Grepping for loginAdministrative returns all existing legacy > occurences, you have no way of knowing of they have been validated as > having good reasons.
Hmm, ok > > Grepping SlingAdminSession returns only calls that have been added > after introducing this SLING-5135 whitelisting mechanism. And its > constructor requires providing a reason for getting an admin session, > so the justification is "local" to the code, no need to search > elsewhere. > Well, this looks nice, but the reason has no real value, I can put there "This code needs it", "Workaround" etc. So having this in the API is not really of value. But how does SlingAdminSession work? How is it protected from being called all over the place? Carsten -- Carsten Ziegeler Adobe Research Switzerland [email protected]
