On Tue, Dec 29, 2015 at 11:29 AM, Carsten Ziegeler <[email protected]> wrote: ... >> If "admin safe" mode is enabled, loginAdmin fails *unless* the code >> that calls is is marked with the reason why it's needed. > > Don't want to be a pita, but that requirement is not in the issue :)..
I said "IMO" ;-) Anyway we can use this discussion to clarify that requirement, and update the ticket later. >... Why can't we simply use the same concept as for the service users? > The caller bundle needs to be in a list of allowed bundles... If we accept that the granularity is at the bundle level then yes, that would work, the SLING-5135 requirement then becomes >> If "admin safe" mode is enabled, loginAdmin fails *unless* it's called from >> a bundle that's in the list of allowed bundles. -Bertrand
