Hi,
For the SLING-5135 I had to remove the code marked with "THIS IS NOW
REMOVED" below, in CommonResourceResolverFactoryImpl, is that ok with
whoever wrote that code (Carsten as per the history)?
if ( passedAuthenticationInfo != null ) {
authenticationInfo.putAll(passedAuthenticationInfo);
// make sure there is no leaking of service bundle and info props
authenticationInfo.remove(ResourceProvider.AUTH_SERVICE_BUNDLE); //
THIS IS NOW REMOVED
authenticationInfo.remove(SUBSERVICE);
}
It's needed to pass the calling bundle down to JcrProviderStateFactory
which calls loginAdministrative and needs to check the whitelisting of
that bundle first.
Details at
https://github.com/bdelacretaz/sling/commit/fe8f9559bda6ba5a05c01bba6a85e640fb8ac143
- that's not committed yet, just in my private branch so far.
-Bertrand
