Hi Roy,
that's indeed good news, as it seems to solve the impersonation usecase. On
the other hand the javadoc is quite clear, that the requirements of the
impersonation process itself come from the underlying repository. I
typically use Oak and the Oak documentation at [1] says that with the
DefaultLoginModule it still requires some kind of prerequisits
("Impersonation another user will only succeed if the impersonated user is
valid (i.e. exists and is not disabled) *and* the the user associated with
the editing session is allowed to impersonate this user.").
Jörg
[1]
https://jackrabbit.apache.org/oak/docs/security/authentication/default.html#impersonation
2018-02-07 22:50 GMT+01:00 Roy Teeuwen <[email protected]>:
> Hey Andres,
>
> We had a similar use case to do impersonation, there is another method for
> that now:
>
> https://sling.apache.org/apidocs/sling10/org/apache/
> sling/jcr/api/SlingRepository.html#impersonateFromService-
> java.lang.String-javax.jcr.Credentials-java.lang.String-
>
> Greets,
> Roy
>
>
> On 7 Feb 2018, at 20:49, Andres Bott <[email protected]> wrote:
>
> Maybe a solution would be
> - deprecate / remove the method ( to avoid old code to run as admin)
> - rename the class / method and add an info to the log
>
> in this way we make sure that old code gets migrated to service users, and
> the places where it really makes sense to use admin user, the developer
> should be aware of it.
>
> Andres
>
>
> El 2018-02-06 14:09, Bertrand Delacretaz escribió:
>
> On Tue, Feb 6, 2018 at 1:02 PM, Jörg Hoh <[email protected]> wrote:
>
> ...Long story short: Is the loginAdministrative() method planned to be
> removed? If yes, we should clearly give best practices and document how it
> can be replaced even in the non-trivial cases. If it's going to stay, we
> should remove the deprecation warning....
>
> I think we need to keep warnings that loginAdmin should be used as
> sparingly as possible.
> And probably provide some examples where it does make sense to use it.
> But deprecation might not be the correct term, as you indicate.
> -Bertrand
>
>
>
--
Cheers,
Jörg Hoh,
http://cqdump.wordpress.com
Twitter: @joerghoh
