[ https://issues.apache.org/jira/browse/SLING-5135?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Julian Sedding updated SLING-5135: ---------------------------------- Comment: was deleted (was: GitHub user code-distillery reopened a pull request: https://github.com/apache/sling/pull/185 SLING-5135 - Whitelist legit usages of loginAdministrative and administrative ResourceResolver This pull request includes the following refactorings: 1. Replace `AbstractSlingRepositoryManager#getLoginAdminWhitelist()` with `AbstractSlingRepositoryManager#allowLoginAdministrativeForBundle(Bundle)`. This allows implementations of `AbstractSlingRepositoryManager` to implement this method as they see fit. This decouples the `LoginAdminWhitelist` service fro `AbstractSlingRepositoryManager`, in fact only `OakSlingRepositoryManager` needs this dependency, as it uses it in its implementation. 2. Refactor `JcrProviderStateFactory` to use an `AbstractSlingRepository` instance injected with the "usingBundle" (by means of a `ServiceFactory`) not only for `loginService` but also for `loginAdministrative`. This allows removing any reference to `LoginAdminWhitelist` and thus also the dependency from `o.a.s.jcr.resource` to `o.a.s.jcr.base`. 3. Rename `LoginAdminWhitelist` configuration properties as suggested by Oliver in SLING-5135 You can merge this pull request into a Git repository by running: $ git pull https://github.com/code-distillery/sling feature/SLING-5135 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/sling/pull/185.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #185 ---- commit f21f053fa07f59866cbcc7155720653648c67296 Author: Julian Sedding <jsedd...@apache.org> Date: 2016-11-09T15:14:59Z SLING-5135 - Whitelist legit usages of loginAdministrative and administrative ResourceResolver - refactor for minimal dependencies to LoginAdminWhitelist support - cleanup imports and related tests commit 20c65f90a7b9babffe20473ec3052d9810495b0a Author: Julian Sedding <jsedd...@apache.org> Date: 2016-11-09T19:51:00Z SLING-5135 - Whitelist legit usages of loginAdministrative and administrative ResourceResolver - avoid explicit check for LoginAdminWhitelist by using the same mechanism for loginAdministrative and loginService to pass the "usingBundle" to the AbstractSlingRepository2 instance - the above allows to remove the dependency to o.a.s.jcr.base from o.a.s.jcr.resource commit ecb3ce1d68d40356eae0a928584b7bb6c7545d6c Author: Julian Sedding <jsedd...@apache.org> Date: 2016-11-09T20:13:58Z SLING-5135 - Whitelist legit usages of loginAdministrative and administrative ResourceResolver - rename configuration properties ---- ) > Whitelist legit usages of loginAdministrative and administrative > ResourceResolver > --------------------------------------------------------------------------------- > > Key: SLING-5135 > URL: https://issues.apache.org/jira/browse/SLING-5135 > Project: Sling > Issue Type: Bug > Components: JCR > Reporter: Antonio Sanso > Assignee: Bertrand Delacretaz > Fix For: JCR Base 2.4.2 > > Attachments: SLING-5135.patch, SLING-5135.patch > > > {{AbstractSlingRepositoryManager}} contains a method that disable > loginAdministrative support > {code} > /** > * Returns whether to disable the > * {@code SlingRepository.loginAdministrative} method or not. > * > * @return {@code true} if {@code SlingRepository.loginAdministrative} is > * disabled. > */ > public final boolean isDisableLoginAdministrative() > {code} > This is a global configuration. It would be nice to have an extension of such > mechanism that contains a white list of (few) legit usage of > {{loginAdministrative}} -- This message was sent by Atlassian JIRA (v6.3.4#6332)