If this is technically possible (and I don't see why it isn't), I think this is a very elegant solution.
On Fri, Jul 27, 2018 at 10:41 AM Jason E Bailey <[email protected]> wrote: > I may be off base here since I haven't spent much time with service users > but couldn't this be handled by extending the Service User so that for > specific services, the user returned is the literal admin user. > > i.e. rather then whitelisting the services that can use > loginAdministrative the service user that these whitelisted services would > get would be the Administrator user. > > - Jason > > On Thu, Jul 19, 2018, at 5:25 AM, Bertrand Delacretaz wrote: > > Hi, > > > > On Tue, Jul 17, 2018 at 1:43 PM Justin Edelson <[email protected]> > wrote: > > > ...Without the deprecation, how will a developer know that they need to > > > configure the whitelist? While the deprecation wasn't perfect, at > least it > > > gave the developer the sense that they were doing something which > should be > > > avoided. It is unfortunate that deprecation in Java is such a binary > > > concept, but it is what it is... > > > > I agree with Justin here, I think our intention is to say "do not use > > this method unless you really have to and you know what you are doing" > > and also "note that you have to whitelist bundles which uses this". > > > > That's not the standard meaning of a deprecated Java method, but as > > Justin says we don't want developers to miss that restriction and > > deprecation is a workable (and imperfect) way of doing that. > > > > With this in mind I suggest keeping the deprecation, creating a > > website page that explains what it actually means and linking to that > > page in the javadocs. > > > > -Bertrand >
