Hi, On Tue, Dec 29, 2015 at 8:28 PM, Marius Petria <mpet...@adobe.com> wrote: > ....An alternative way to spin this is to actually deprecate loginAdmin and > keep the loginService as > the only login API for such things. An admin session should be obtain via > loginService if the > service is mapped to “admin” user. We can have the white list of bundles and > services that are > allowed to map to “admin" and that can be implemented at validator level....
I think it's useful for existing bundles that use loginAdmin to continue to work without changes - in this respect Carsten's solution, to whitelist bundles which can do that, makes it easier to manage the transition, for existing code. -Bertrand