[
https://issues.apache.org/jira/browse/SLING-5135?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15653321#comment-15653321
]
ASF GitHub Bot commented on SLING-5135:
---------------------------------------
GitHub user code-distillery reopened a pull request:
https://github.com/apache/sling/pull/185
SLING-5135 - Whitelist legit usages of loginAdministrative and
administrative ResourceResolver
This pull request includes the following refactorings:
1. Replace `AbstractSlingRepositoryManager#getLoginAdminWhitelist()` with
`AbstractSlingRepositoryManager#allowLoginAdministrativeForBundle(Bundle)`.
This allows implementations of `AbstractSlingRepositoryManager` to implement
this method as they see fit. This decouples the `LoginAdminWhitelist` service
from `AbstractSlingRepositoryManager`, in fact only `OakSlingRepositoryManager`
needs this dependency, as it uses it in its implementation.
2. Refactor `JcrProviderStateFactory` to use an `AbstractSlingRepository`
instance injected with the "usingBundle" (by means of a `ServiceFactory`) not
only for `loginService` but also for `loginAdministrative`. This allows
removing any reference to `LoginAdminWhitelist` and thus also the dependency
from `o.a.s.jcr.resource` to `o.a.s.jcr.base`.
3. Rename `LoginAdminWhitelist` configuration properties as suggested by
Oliver in SLING-5135
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/code-distillery/sling feature/SLING-5135
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/sling/pull/185.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #185
----
commit f21f053fa07f59866cbcc7155720653648c67296
Author: Julian Sedding <[email protected]>
Date: 2016-11-09T15:14:59Z
SLING-5135 - Whitelist legit usages of loginAdministrative and
administrative ResourceResolver
- refactor for minimal dependencies to LoginAdminWhitelist support
- cleanup imports and related tests
commit 20c65f90a7b9babffe20473ec3052d9810495b0a
Author: Julian Sedding <[email protected]>
Date: 2016-11-09T19:51:00Z
SLING-5135 - Whitelist legit usages of loginAdministrative and
administrative ResourceResolver
- avoid explicit check for LoginAdminWhitelist by using the same
mechanism for loginAdministrative and loginService to pass
the "usingBundle" to the AbstractSlingRepository2 instance
- the above allows to remove the dependency to o.a.s.jcr.base
from o.a.s.jcr.resource
commit ecb3ce1d68d40356eae0a928584b7bb6c7545d6c
Author: Julian Sedding <[email protected]>
Date: 2016-11-09T20:13:58Z
SLING-5135 - Whitelist legit usages of loginAdministrative and
administrative ResourceResolver
- rename configuration properties
----
> Whitelist legit usages of loginAdministrative and administrative
> ResourceResolver
> ---------------------------------------------------------------------------------
>
> Key: SLING-5135
> URL: https://issues.apache.org/jira/browse/SLING-5135
> Project: Sling
> Issue Type: Bug
> Components: JCR
> Reporter: Antonio Sanso
> Assignee: Bertrand Delacretaz
> Fix For: JCR Base 2.4.2
>
> Attachments: SLING-5135.patch, SLING-5135.patch
>
>
> {{AbstractSlingRepositoryManager}} contains a method that disables
> loginAdministrative support
> {code}
> /**
> * Returns whether to disable the
> * {@code SlingRepository.loginAdministrative} method or not.
> *
> * @return {@code true} if {@code SlingRepository.loginAdministrative} is
> * disabled.
> */
> public final boolean isDisableLoginAdministrative()
> {code}
> This is a global configuration. It would be nice to have an extension of such
> a mechanism that contains a white list of (few) legit usages of
> {{loginAdministrative}}
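The per-bundle decision discussed in this message, as an added sketch that is not code from the pull request or from Sling. `UsingBundle`, `LoginAdminPolicy`, the precedence between the global switch and the allowlist, and the symbolic names are assumptions made for illustration; a real implementation would receive an `org.osgi.framework.Bundle`.

```java
import java.util.Set;

public class LoginAdminAllowlistExample {

    /** Hypothetical stand-in for org.osgi.framework.Bundle: only the identity is needed. */
    interface UsingBundle {
        String getSymbolicName();
    }

    /** Hypothetical policy: decides per calling bundle instead of relying on one global flag. */
    static final class LoginAdminPolicy {
        private final boolean disableLoginAdministrative; // the global switch from the issue
        private final Set<String> allowedSymbolicNames;   // the (few) legitimate callers

        LoginAdminPolicy(boolean disableLoginAdministrative, Set<String> allowedSymbolicNames) {
            this.disableLoginAdministrative = disableLoginAdministrative;
            this.allowedSymbolicNames = Set.copyOf(allowedSymbolicNames);
        }

        /** Assumed precedence: global switch wins, then exact-match allowlist, default deny. */
        boolean allowLoginAdministrativeForBundle(UsingBundle bundle) {
            if (disableLoginAdministrative) return false;
            if (bundle == null || bundle.getSymbolicName() == null) return false;
            return allowedSymbolicNames.contains(bundle.getSymbolicName());
        }
    }

    /** Hypothetical guard run before an administrative session is handed out. */
    static String loginAdministrative(LoginAdminPolicy policy, UsingBundle caller) {
        if (!policy.allowLoginAdministrativeForBundle(caller)) {
            throw new SecurityException("loginAdministrative denied for bundle "
                    + (caller == null ? "<unknown>" : caller.getSymbolicName()));
        }
        return "admin-session"; // placeholder for a real JCR Session
    }

    public static void main(String[] args) {
        // Constructed symbolic names, not taken from Sling's configuration.
        LoginAdminPolicy policy = new LoginAdminPolicy(false, Set.of("com.example.legit.indexer"));
        UsingBundle legit = () -> "com.example.legit.indexer";
        UsingBundle other = () -> "com.example.some.servlet";

        System.out.println(loginAdministrative(policy, legit));
        try {
            loginAdministrative(policy, other);
        } catch (SecurityException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

Passing the calling bundle into the decision is what lets the check fail closed for unknown callers while keeping the allowlist short enough to audit.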