[
https://issues.apache.org/jira/browse/SLING-5135?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15562559#comment-15562559
]
Bertrand Delacretaz commented on SLING-5135:
--------------------------------------------
I now have an implementation at
https://github.com/bdelacretaz/sling/tree/issue/SLING-5135 where
{{getAdministrativeResourceResolver()}} also passes through the login admin
whitelist.
It's simpler than envisioned in my last comment, as the calling bundle can be
extracted from the authentication info Map that's passed to
{{JcrProviderStateFactory.createProviderState}}.
Some integration tests (MappingEventsProxyTest, ResourceResolverProxyTest,
VanityPathTest) are failing (*), it looks like {{MapEntries}} calling
{{getAdministrativeResourceResolver(null)}} might be the cause of that.
(*) All with failures like "timeout waiting for
org/apache/sling/api/resource/ResourceResolverMapping/CHANGED event"
> Whitelist legit usages of loginAdministrative and administrative
> ResourceResolver
> ---------------------------------------------------------------------------------
>
> Key: SLING-5135
> URL: https://issues.apache.org/jira/browse/SLING-5135
> Project: Sling
> Issue Type: Bug
> Components: JCR
> Reporter: Antonio Sanso
> Assignee: Bertrand Delacretaz
> Attachments: SLING-5135.patch, SLING-5135.patch
>
>
> {{AbstractSlingRepositoryManager}} contains a method that disable
> loginAdministrative support
> {code}
> /**
> * Returns whether to disable the
> * {@code SlingRepository.loginAdministrative} method or not.
> *
> * @return {@code true} if {@code SlingRepository.loginAdministrative} is
> * disabled.
> */
> public final boolean isDisableLoginAdministrative()
> {code}
> This is a global configuration. It would be nice to have an extension of such
> mechanism that contains a white list of (few) legit usage of
> {{loginAdministrative}}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
