On 1/6/16, 3:51 PM, "Bertrand Delacretaz" <[email protected]> wrote:
>Hi,
>
>On Tue, Dec 29, 2015 at 8:28 PM, Marius Petria <[email protected]> wrote:
>> ....An alternative way to spin this is to actually deprecate loginAdmin and
>> keep the loginService as
>> the only login API for such things. An admin session should be obtain via
>> loginService if the
>> service is mapped to “admin” user. We can have the white list of bundles and
>> services that are
>> allowed to map to “admin" and that can be implemented at validator level....
>
>I think it's useful for existing bundles that use loginAdmin to
>continue to work without changes - in this respect Carsten's solution,
>to whitelist bundles which can do that, makes it easier to manage the
>transition, for existing code.
>
>-Bertrand
I think the spirit is to force every bundle to analyze its requirements and
switch to loginService and only exceptionally use and admin session. If there
is an easy config option to bypass it I think it will be used. In the end I am
OK with using loginAdmin but I wanted to emphasize that it means we will not be
able to properly deprecate it from SlingRepository and eventually remove it.
Marius
