Hi, On Tue, Aug 6, 2013 at 12:51 PM, Angela Schreiber <[email protected]> wrote: > regarding attaching to the SessionDelegate: i definitely disagree. > in contrast to the various plugins which are not really pluggable > the various mgr security related implementations must be > pluggable at runtime. therefore making the implementation depend > on the internal SessionDelegate is not an option. > in addition some of those classes are also used within the oak core > (validators, commit hooks and so forth). i really don't want to > add any dependency to oak-jcr nor the internals contained therein > to the various security related parts. i deliberately avoided it. > this wasn't a coincidence :-)
Fair enough. My point here is that SessionDelegate.perform() would solve the OAK-938 problem, and coming up with another solution seems like unnecessary duplication to me. But I won't stand in the way if people think that's a better approach. BR, Jukka Zitting
