[jira] [Commented] (SLING-3854) Add configuration option to restrict service user mapper to system users
[
https://issues.apache.org/jira/browse/SLING-3854?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14681819#comment-14681819
]
Konrad Windszus commented on SLING-3854:
I don't see the configuration option to disable that functionality. Was that
deliberately left out? If I intentionally want to use regular users as service
users I now have to implement my own {{ServiceUserValidator}} which returns
{{true}} for {{isValid(...)}}. Wouldn't a simple OSGi flag on the service user
mapper be better to not enforce that check?
Add configuration option to restrict service user mapper to system users
Key: SLING-3854
URL: https://issues.apache.org/jira/browse/SLING-3854
Project: Sling
Issue Type: Improvement
Components: Service User Mapper
Reporter: angela
Assignee: Antonio Sanso
Fix For: Service User Mapper 1.1.0, JCR Resource 2.5.0
Attachments: SLING-3854-patch2.txt, SLING-3854.patch
JCR-3802 introduces the concept of system users that distinct from regular
user accounts and never have a password set. the API extensions include to
following ability to discover if a given User is actually a system user:
{{User.isSystemUser}}.
It would be good if the service user mapping had a configuration option that
would restrict the mapping to dedicated service users i.e. to users which are
defined to be system users in case sling is running on a JCR repository that
implements jackrabbit API.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
Re: [jira] [Commented] (SLING-3854) Add configuration option to restrict service user mapper to system users
thanks a lot Marius,
I will proceed with the release so
regards
antonio
On Feb 24, 2015, at 7:20 PM, Marius Petria mpet...@adobe.com wrote:
Hi Antonio,
For SLING-4312 I am waiting for Felix’s answer as he raised some concerns
about the approach. Currently I have nothing in trunk as I reverted my
stuff due to a compilation error, so I think you can go ahead with the
release I can do another one once we are clear on SLING-4312.
Marius
On 2/24/15, 6:23 PM, Antonio Sanso asa...@adobe.com wrote:
thanks Tomek,
AFAIU we have also https://issues.apache.org/jira/browse/SLING-4312 in
to the game.
This approach is currently under discussion in the dev list.
@Marius what is your take here. Are we ready for a release?
regards
antonio
On Feb 24, 2015, at 4:58 PM, Tomek Rękawek (JIRA) j...@apache.org wrote:
[
https://issues.apache.org/jira/browse/SLING-3854?page=com.atlassian.jira.
plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14335026#c
omment-14335026 ]
Tomek Rękawek commented on SLING-3854:
--
Hello,
I'm interested in releasing the JCR Resource 2.5.0, which depends on
the Service User Mapper 1.0.5-SNAPSHOT. I think the dependency is caused
by this resolved task. Do you think we can release the Service User
Mapper to remove the SNAPSHOT dependency from the JCR Resource?
Add configuration option to restrict service user mapper to system
users
Key: SLING-3854
URL: https://issues.apache.org/jira/browse/SLING-3854
Project: Sling
Issue Type: Improvement
Components: Service User Mapper
Reporter: angela
Assignee: Antonio Sanso
Fix For: Service User Mapper 1.1.0, JCR Resource 2.5.0
Attachments: SLING-3854-patch2.txt, SLING-3854.patch
JCR-3802 introduces the concept of system users that distinct from
regular user accounts and never have a password set. the API extensions
include to following ability to discover if a given User is actually a
system user: {{User.isSystemUser}}.
It would be good if the service user mapping had a configuration
option that would restrict the mapping to dedicated service users i.e.
to users which are defined to be system users in case sling is running
on a JCR repository that implements jackrabbit API.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (SLING-3854) Add configuration option to restrict service user mapper to system users
[
https://issues.apache.org/jira/browse/SLING-3854?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14335026#comment-14335026
]
Tomek Rękawek commented on SLING-3854:
--
Hello,
I'm interested in releasing the JCR Resource 2.5.0, which depends on the
Service User Mapper 1.0.5-SNAPSHOT. I think the dependency is caused by this
resolved task. Do you think we can release the Service User Mapper to remove
the SNAPSHOT dependency from the JCR Resource?
Add configuration option to restrict service user mapper to system users
Key: SLING-3854
URL: https://issues.apache.org/jira/browse/SLING-3854
Project: Sling
Issue Type: Improvement
Components: Service User Mapper
Reporter: angela
Assignee: Antonio Sanso
Fix For: Service User Mapper 1.1.0, JCR Resource 2.5.0
Attachments: SLING-3854-patch2.txt, SLING-3854.patch
JCR-3802 introduces the concept of system users that distinct from regular
user accounts and never have a password set. the API extensions include to
following ability to discover if a given User is actually a system user:
{{User.isSystemUser}}.
It would be good if the service user mapping had a configuration option that
would restrict the mapping to dedicated service users i.e. to users which are
defined to be system users in case sling is running on a JCR repository that
implements jackrabbit API.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
Re: [jira] [Commented] (SLING-3854) Add configuration option to restrict service user mapper to system users
thanks Tomek,
AFAIU we have also https://issues.apache.org/jira/browse/SLING-4312 in to the
game.
This approach is currently under discussion in the dev list.
@Marius what is your take here. Are we ready for a release?
regards
antonio
On Feb 24, 2015, at 4:58 PM, Tomek Rękawek (JIRA) j...@apache.org wrote:
[
https://issues.apache.org/jira/browse/SLING-3854?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14335026#comment-14335026
]
Tomek Rękawek commented on SLING-3854:
--
Hello,
I'm interested in releasing the JCR Resource 2.5.0, which depends on the
Service User Mapper 1.0.5-SNAPSHOT. I think the dependency is caused by this
resolved task. Do you think we can release the Service User Mapper to remove
the SNAPSHOT dependency from the JCR Resource?
Add configuration option to restrict service user mapper to system users
Key: SLING-3854
URL: https://issues.apache.org/jira/browse/SLING-3854
Project: Sling
Issue Type: Improvement
Components: Service User Mapper
Reporter: angela
Assignee: Antonio Sanso
Fix For: Service User Mapper 1.1.0, JCR Resource 2.5.0
Attachments: SLING-3854-patch2.txt, SLING-3854.patch
JCR-3802 introduces the concept of system users that distinct from regular
user accounts and never have a password set. the API extensions include to
following ability to discover if a given User is actually a system user:
{{User.isSystemUser}}.
It would be good if the service user mapping had a configuration option that
would restrict the mapping to dedicated service users i.e. to users which
are defined to be system users in case sling is running on a JCR repository
that implements jackrabbit API.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
Re: [jira] [Commented] (SLING-3854) Add configuration option to restrict service user mapper to system users
Hi Antonio,
For SLING-4312 I am waiting for Felix’s answer as he raised some concerns
about the approach. Currently I have nothing in trunk as I reverted my
stuff due to a compilation error, so I think you can go ahead with the
release I can do another one once we are clear on SLING-4312.
Marius
On 2/24/15, 6:23 PM, Antonio Sanso asa...@adobe.com wrote:
thanks Tomek,
AFAIU we have also https://issues.apache.org/jira/browse/SLING-4312 in
to the game.
This approach is currently under discussion in the dev list.
@Marius what is your take here. Are we ready for a release?
regards
antonio
On Feb 24, 2015, at 4:58 PM, Tomek Rękawek (JIRA) j...@apache.org wrote:
[
https://issues.apache.org/jira/browse/SLING-3854?page=com.atlassian.jira.
plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14335026#c
omment-14335026 ]
Tomek Rękawek commented on SLING-3854:
--
Hello,
I'm interested in releasing the JCR Resource 2.5.0, which depends on
the Service User Mapper 1.0.5-SNAPSHOT. I think the dependency is caused
by this resolved task. Do you think we can release the Service User
Mapper to remove the SNAPSHOT dependency from the JCR Resource?
Add configuration option to restrict service user mapper to system
users
Key: SLING-3854
URL: https://issues.apache.org/jira/browse/SLING-3854
Project: Sling
Issue Type: Improvement
Components: Service User Mapper
Reporter: angela
Assignee: Antonio Sanso
Fix For: Service User Mapper 1.1.0, JCR Resource 2.5.0
Attachments: SLING-3854-patch2.txt, SLING-3854.patch
JCR-3802 introduces the concept of system users that distinct from
regular user accounts and never have a password set. the API extensions
include to following ability to discover if a given User is actually a
system user: {{User.isSystemUser}}.
It would be good if the service user mapping had a configuration
option that would restrict the mapping to dedicated service users i.e.
to users which are defined to be system users in case sling is running
on a JCR repository that implements jackrabbit API.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (SLING-3854) Add configuration option to restrict service user mapper to system users
[
https://issues.apache.org/jira/browse/SLING-3854?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14328821#comment-14328821
]
Antonio Sanso commented on SLING-3854:
--
[~mpetria]
bq. is there any reason for which the validation is done at mapping time not at
registration time?
as you can see from my comment above I had the same concern. Point is that in
some situation (e.g package installation) you can have some time racing
condition where the user is installed after the bundle and this might
invalidate the logic of checking at registration time (see also comment
above from [~fmeschbe]. The JcrSystemUserValidator has a built in cache though
bq. Also, regarding switching to a service user in JcrSystemUserValidator this
will not be very easy probably as it looks like it will cause an infinite loop.
What do you mean, might be just me but I fail to see an infinite loop
Add configuration option to restrict service user mapper to system users
Key: SLING-3854
URL: https://issues.apache.org/jira/browse/SLING-3854
Project: Sling
Issue Type: Improvement
Components: Service User Mapper
Reporter: angela
Assignee: Antonio Sanso
Fix For: Service User Mapper 1.1.0, JCR Resource 2.5.0
Attachments: SLING-3854-patch2.txt, SLING-3854.patch
JCR-3802 introduces the concept of system users that distinct from regular
user accounts and never have a password set. the API extensions include to
following ability to discover if a given User is actually a system user:
{{User.isSystemUser}}.
It would be good if the service user mapping had a configuration option that
would restrict the mapping to dedicated service users i.e. to users which are
defined to be system users in case sling is running on a JCR repository that
implements jackrabbit API.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (SLING-3854) Add configuration option to restrict service user mapper to system users
[
https://issues.apache.org/jira/browse/SLING-3854?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14328831#comment-14328831
]
Marius Petria commented on SLING-3854:
--
Sorry, I did not see the discussion about the validation time, however it looks
that the last comment on that matter is: it is probably stable enough to
validate at configuration time and not on each access. Anyway, I see that was
discussed thoroughly so I have no more comments on that.
bq. What do you mean, might be just me but I fail to see an infinite loop
Assume in JcrSystemUserValidator you call loginService(validatorService), that
will call getServiceUserID which will go again into validators. Maybe I am just
seeing wrong as I did not actually test that :).
Add configuration option to restrict service user mapper to system users
Key: SLING-3854
URL: https://issues.apache.org/jira/browse/SLING-3854
Project: Sling
Issue Type: Improvement
Components: Service User Mapper
Reporter: angela
Assignee: Antonio Sanso
Fix For: Service User Mapper 1.1.0, JCR Resource 2.5.0
Attachments: SLING-3854-patch2.txt, SLING-3854.patch
JCR-3802 introduces the concept of system users that distinct from regular
user accounts and never have a password set. the API extensions include to
following ability to discover if a given User is actually a system user:
{{User.isSystemUser}}.
It would be good if the service user mapping had a configuration option that
would restrict the mapping to dedicated service users i.e. to users which are
defined to be system users in case sling is running on a JCR repository that
implements jackrabbit API.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (SLING-3854) Add configuration option to restrict service user mapper to system users
[
https://issues.apache.org/jira/browse/SLING-3854?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14328839#comment-14328839
]
Antonio Sanso commented on SLING-3854:
--
bq. Assume in JcrSystemUserValidator you call loginService(validatorService),
that will call getServiceUserID which will go again into validators.
fair enough. Sorry I did not understand you were talking about the {{//TODO}}.
All I can say is when we tackle the TODO we really need to think about avoid
the situation you describe...
Add configuration option to restrict service user mapper to system users
Key: SLING-3854
URL: https://issues.apache.org/jira/browse/SLING-3854
Project: Sling
Issue Type: Improvement
Components: Service User Mapper
Reporter: angela
Assignee: Antonio Sanso
Fix For: Service User Mapper 1.1.0, JCR Resource 2.5.0
Attachments: SLING-3854-patch2.txt, SLING-3854.patch
JCR-3802 introduces the concept of system users that distinct from regular
user accounts and never have a password set. the API extensions include to
following ability to discover if a given User is actually a system user:
{{User.isSystemUser}}.
It would be good if the service user mapping had a configuration option that
would restrict the mapping to dedicated service users i.e. to users which are
defined to be system users in case sling is running on a JCR repository that
implements jackrabbit API.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (SLING-3854) Add configuration option to restrict service user mapper to system users
[
https://issues.apache.org/jira/browse/SLING-3854?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14327341#comment-14327341
]
Antonio Sanso commented on SLING-3854:
--
committed jcr resource part in r1660869
Add configuration option to restrict service user mapper to system users
Key: SLING-3854
URL: https://issues.apache.org/jira/browse/SLING-3854
Project: Sling
Issue Type: Improvement
Components: Service User Mapper
Reporter: angela
Assignee: Antonio Sanso
Attachments: SLING-3854-patch2.txt, SLING-3854.patch
JCR-3802 introduces the concept of system users that distinct from regular
user accounts and never have a password set. the API extensions include to
following ability to discover if a given User is actually a system user:
{{User.isSystemUser}}.
It would be good if the service user mapping had a configuration option that
would restrict the mapping to dedicated service users i.e. to users which are
defined to be system users in case sling is running on a JCR repository that
implements jackrabbit API.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (SLING-3854) Add configuration option to restrict service user mapper to system users
[
https://issues.apache.org/jira/browse/SLING-3854?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14319921#comment-14319921
]
Antonio Sanso commented on SLING-3854:
--
looking again back at the history of this issue as [~anchela] already proposed
wouldn't be better to do the validation upon registration?
Add configuration option to restrict service user mapper to system users
Key: SLING-3854
URL: https://issues.apache.org/jira/browse/SLING-3854
Project: Sling
Issue Type: Improvement
Components: Service User Mapper
Reporter: angela
Assignee: Antonio Sanso
Attachments: SLING-3854-patch2.txt, SLING-3854.patch
JCR-3802 introduces the concept of system users that distinct from regular
user accounts and never have a password set. the API extensions include to
following ability to discover if a given User is actually a system user:
{{User.isSystemUser}}.
It would be good if the service user mapping had a configuration option that
would restrict the mapping to dedicated service users i.e. to users which are
defined to be system users in case sling is running on a JCR repository that
implements jackrabbit API.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (SLING-3854) Add configuration option to restrict service user mapper to system users
[
https://issues.apache.org/jira/browse/SLING-3854?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14319942#comment-14319942
]
Felix Meschberger commented on SLING-3854:
--
[~asanso] Patch LGTM with a nitpick: It raises the Jackrabbit API dependency
rather high. Can we live with that ? Do we do that with open eyes ? Then I am
fine. Otherwise, we might discuss how to cope with older Jackrabbit API which
does not have the User.isSystemUser method.
Validation: I think a user cannot easily dynamically convert its status of
being a regular or a system user. Hence it is probably stable enough to
validate at configuration time and not on each access.
Add configuration option to restrict service user mapper to system users
Key: SLING-3854
URL: https://issues.apache.org/jira/browse/SLING-3854
Project: Sling
Issue Type: Improvement
Components: Service User Mapper
Reporter: angela
Assignee: Antonio Sanso
Attachments: SLING-3854-patch2.txt, SLING-3854.patch
JCR-3802 introduces the concept of system users that distinct from regular
user accounts and never have a password set. the API extensions include to
following ability to discover if a given User is actually a system user:
{{User.isSystemUser}}.
It would be good if the service user mapping had a configuration option that
would restrict the mapping to dedicated service users i.e. to users which are
defined to be system users in case sling is running on a JCR repository that
implements jackrabbit API.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (SLING-3854) Add configuration option to restrict service user mapper to system users
[
https://issues.apache.org/jira/browse/SLING-3854?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14319952#comment-14319952
]
Antonio Sanso commented on SLING-3854:
--
[~fmeschbe]
bq. It raises the Jackrabbit API dependency rather high.
2.9.0 is the minimum version that has the {{isSystemUser}} method
Add configuration option to restrict service user mapper to system users
Key: SLING-3854
URL: https://issues.apache.org/jira/browse/SLING-3854
Project: Sling
Issue Type: Improvement
Components: Service User Mapper
Reporter: angela
Assignee: Antonio Sanso
Attachments: SLING-3854-patch2.txt, SLING-3854.patch
JCR-3802 introduces the concept of system users that distinct from regular
user accounts and never have a password set. the API extensions include to
following ability to discover if a given User is actually a system user:
{{User.isSystemUser}}.
It would be good if the service user mapping had a configuration option that
would restrict the mapping to dedicated service users i.e. to users which are
defined to be system users in case sling is running on a JCR repository that
implements jackrabbit API.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (SLING-3854) Add configuration option to restrict service user mapper to system users
[
https://issues.apache.org/jira/browse/SLING-3854?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14312417#comment-14312417
]
angela commented on SLING-3854:
---
obviously it would be preferable if you can do it without loginAdministrative.
but the patch wasn't meant to be complete but rather a first draft on how this
could look like... otherwise i would have added tests :-)
Add configuration option to restrict service user mapper to system users
Key: SLING-3854
URL: https://issues.apache.org/jira/browse/SLING-3854
Project: Sling
Issue Type: Improvement
Components: Service User Mapper
Reporter: angela
Assignee: Antonio Sanso
Attachments: SLING-3854.patch
JCR-3802 introduces the concept of system users that distinct from regular
user accounts and never have a password set. the API extensions include to
following ability to discover if a given User is actually a system user:
{{User.isSystemUser}}.
It would be good if the service user mapping had a configuration option that
would restrict the mapping to dedicated service users i.e. to users which are
defined to be system users in case sling is running on a JCR repository that
implements jackrabbit API.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (SLING-3854) Add configuration option to restrict service user mapper to system users
[
https://issues.apache.org/jira/browse/SLING-3854?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14312394#comment-14312394
]
Antonio Sanso commented on SLING-3854:
--
[~anchela] thanks a lot for your patch.
I have seen it introduce a {{loginAdministrative(null);}} call. Is this
intended?
Add configuration option to restrict service user mapper to system users
Key: SLING-3854
URL: https://issues.apache.org/jira/browse/SLING-3854
Project: Sling
Issue Type: Improvement
Components: Service User Mapper
Reporter: angela
Assignee: Antonio Sanso
Attachments: SLING-3854.patch
JCR-3802 introduces the concept of system users that distinct from regular
user accounts and never have a password set. the API extensions include to
following ability to discover if a given User is actually a system user:
{{User.isSystemUser}}.
It would be good if the service user mapping had a configuration option that
would restrict the mapping to dedicated service users i.e. to users which are
defined to be system users in case sling is running on a JCR repository that
implements jackrabbit API.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (SLING-3854) Add configuration option to restrict service user mapper to system users
[
https://issues.apache.org/jira/browse/SLING-3854?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14174920#comment-14174920
]
angela commented on SLING-3854:
---
[~fmeschbe], any updates from your side?
Add configuration option to restrict service user mapper to system users
Key: SLING-3854
URL: https://issues.apache.org/jira/browse/SLING-3854
Project: Sling
Issue Type: Improvement
Components: Service User Mapper
Reporter: angela
JCR-3802 introduces the concept of system users that distinct from regular
user accounts and never have a password set. the API extensions include to
following ability to discover if a given User is actually a system user:
{{User.isSystemUser}}.
It would be good if the service user mapping had a configuration option that
would restrict the mapping to dedicated service users i.e. to users which are
defined to be system users in case sling is running on a JCR repository that
implements jackrabbit API.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (SLING-3854) Add configuration option to restrict service user mapper to system users
[
https://issues.apache.org/jira/browse/SLING-3854?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14098496#comment-14098496
]
angela commented on SLING-3854:
---
[~fmeschbe], i took the liberty to create an issue for this improvement as we
discussed it yesterday.
Add configuration option to restrict service user mapper to system users
Key: SLING-3854
URL: https://issues.apache.org/jira/browse/SLING-3854
Project: Sling
Issue Type: Improvement
Components: Service User Mapper
Reporter: angela
JCR-3802 introduces the concept of system users that distinct from regular
user accounts and never have a password set. the API extensions include to
following ability to discover if a given User is actually a system user:
{{User.isSystemUser}}.
It would be good if the service user mapping had a configuration option that
would restrict the mapping to dedicated service users i.e. to users which are
defined to be system users in case sling is running on a JCR repository that
implements jackrabbit API.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Commented] (SLING-3854) Add configuration option to restrict service user mapper to system users
[
https://issues.apache.org/jira/browse/SLING-3854?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14098502#comment-14098502
]
Felix Meschberger commented on SLING-3854:
--
[~anchela] Thank you very much.
From an implementation perspective I think we have to add a user validation
method to the {{getServiceUserID}} method implementation. This method must be
called for each call of {{getServiceUserID}} because the named user may become
a regular user between calls.
{code}
Index:
src/main/java/org/apache/sling/serviceusermapping/impl/ServiceUserMapperImpl.java
===
---
src/main/java/org/apache/sling/serviceusermapping/impl/ServiceUserMapperImpl.java
(Revision 1562756)
+++
src/main/java/org/apache/sling/serviceusermapping/impl/ServiceUserMapperImpl.java
(Arbeitskopie)
@@ -94,7 +94,13 @@
*/
public String getServiceUserID(final Bundle bundle, final String
subServiceName) {
final String serviceName = bundle.getSymbolicName();
+final String userName = getServiceUserIDInternal(serviceName,
subServiceName);
+return validateUser(userName) ? userName : null;
+}
+
+private String getServiceUserIDInternal(final String serviceName, final
String subServiceName) {
+
// try with serviceInfo first
for (Mapping mapping : this.serviceUserMappings) {
final String user = mapping.map(serviceName, subServiceName);
@@ -114,4 +120,9 @@
// finally, fall back to default user
return this.defaultUser;
}
+
+private boolean validateUser(final String userName) {
+// TODO: Implement user validation, e.g. SLING-3854
+return true;
+}
}
{code}
Add configuration option to restrict service user mapper to system users
Key: SLING-3854
URL: https://issues.apache.org/jira/browse/SLING-3854
Project: Sling
Issue Type: Improvement
Components: Service User Mapper
Reporter: angela
JCR-3802 introduces the concept of system users that distinct from regular
user accounts and never have a password set. the API extensions include to
following ability to discover if a given User is actually a system user:
{{User.isSystemUser}}.
It would be good if the service user mapping had a configuration option that
would restrict the mapping to dedicated service users i.e. to users which are
defined to be system users in case sling is running on a JCR repository that
implements jackrabbit API.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Commented] (SLING-3854) Add configuration option to restrict service user mapper to system users
[
https://issues.apache.org/jira/browse/SLING-3854?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14098577#comment-14098577
]
angela commented on SLING-3854:
---
wouldn't that have a negative impact on performance if you execute the
validation for each call?
i would just validate it upon registration and make that pluggable... e.g. with
a ServiceUserValidator interface and with a reference in the mapper that can
deal with multiple implementations... then people may also be able to use this
concept with their custom login modules, their custom principal provider, their
custom way of providing service users that may or may not be stored in the
repository... specially with third party integrations i am not convinced that
creating service users that then read third party credentials from the
repository content is really a perfect setup... why shouldn't we be able in the
future to make sure such a third party integration registers the service-user
and provide it's private authentication mechanism and providing the service
user with all information that is needed to deal with the third party
integration... without having to store credentials in a place that is
potentially not properly security, with an extra service user that need to be
able to read these credentials and so forth... i didn't yet think about in all
details but my gut feeling tells me that this should be easily extensible in
the future... like we do nowadays with bundles that provide both a Sling
AuthenticationHandler and a pluggable LoginModule that establish trust by using
bundle private information.
Add configuration option to restrict service user mapper to system users
Key: SLING-3854
URL: https://issues.apache.org/jira/browse/SLING-3854
Project: Sling
Issue Type: Improvement
Components: Service User Mapper
Reporter: angela
JCR-3802 introduces the concept of system users that distinct from regular
user accounts and never have a password set. the API extensions include to
following ability to discover if a given User is actually a system user:
{{User.isSystemUser}}.
It would be good if the service user mapping had a configuration option that
would restrict the mapping to dedicated service users i.e. to users which are
defined to be system users in case sling is running on a JCR repository that
implements jackrabbit API.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
