On Wed, 2016-01-06 at 15:06 +0000, Marius Petria wrote: > > > > > On 1/6/16, 4:42 PM, "Bertrand Delacretaz" <[email protected]> > wrote: > > > 4. Adding sling bundles to the whitelist requires a serious review, > > we > > want to keep that very small > > > > There are some legit uses of admin sessions, like SLING-5355. > > Hiding > > them behind pseudo service user is not useful IMO. > > > > Does that work for you? > > It works for me, but maybe we should update the jdocs (and also > remove the @Deprecated annotation) on loginAdmin in [1] as it is not > entirely correct. Or maybe that is too pedantic :).
Agreed. If we decide that we have scenarios where loginAdministrative is OK, we should remove the deprecation notice and replace it with a proper explanation regarding when it is OK to be used. Robert > > Marius > > [1] https://github.com/apache/sling/blob/trunk/bundles/jcr/api/src/ma > in/java/org/apache/sling/jcr/api/SlingRepository.java >
