Hi, On Wed, Jan 6, 2016 at 3:33 PM, Marius Petria <[email protected]> wrote: > ...I think the spirit is to force every bundle to analyze its requirements > and switch to loginService > and only exceptionally use and admin session....
That's the idea, yes - here's the scenario as I see it: 1. We implement a mechanism to whitelist which bundles can use admin sessions, SLING-5135 2. We define our initial whitelist, which should be quite small, and activate the "admin sessions disabled except for whitelisted bundles" feature by default. 3. If users have existing code that uses admin session they can add them to the whitelist, at their own risk. That's very useful to handle the transition and make sure they enable that blocking feature as well. 4. Adding sling bundles to the whitelist requires a serious review, we want to keep that very small There are some legit uses of admin sessions, like SLING-5355. Hiding them behind pseudo service user is not useful IMO. Ideally as discussed in this thread we'd mark the individual lines of code that create admin sessions to explain why, but if keep bundles focused a per-bundle whitelist is reasonable. Does that work for you? -Bertrand
