Sling
  1. Sling
  2. SLING-2944

Replace administrative login by service-based login

    Details

      Description

      From the start Sling tried to solve the problem of providing services access to the repository and resource tree without having to hard code and configure any passwords. This was done first with the SlingRepository.loginAdministrative and later with the ResourceResolverFactory.getAdministrativeResourceResolver methods.

      Over time this mechanism proved to be the hammer to hit all nails. Particularly these methods while truly useful have the disadvantage of providing full administrative privileges to services where just some specific kind of privilege would be enough.

      For example for the JSP compiler it would be enough to be able to read the JSP source scripts and write the Java classes out to the JSP compiler's target location. Other access is not required. Similarly to manage users user management privileges are enough and no access to /content is really required.

      To solve this problem a new API for Service Authentication has been proposed at https://cwiki.apache.org/confluence/display/SLING/Service+Authentication. The prototype of which is implemented in http://svn.apache.org/repos/asf/sling/whiteboard/fmeschbe/deprecate_login_administrative.

      This issue is about merging the prototype code back into trunk and thus fully implementing the feature.

      1. SLING-2944.patch
        77 kB
        Felix Meschberger
      2. serviceusermapper.tgz
        6 kB
        Felix Meschberger

        Issue Links

          Activity

          Carsten Ziegeler made changes -
          Status Resolved [ 5 ] Closed [ 6 ]
          Carsten Ziegeler made changes -
          Status Open [ 1 ] Resolved [ 5 ]
          Resolution Fixed [ 1 ]
          Felix Meschberger made changes -
          Fix Version/s Servlets Resolver 2.2.6 [ 12324330 ]
          Fix Version/s File System Resource Provider 1.1.4 [ 12324318 ]
          Fix Version/s Extensions Bundleresource 2.1.4 [ 12324319 ]
          Felix Meschberger made changes -
          Fix Version/s JCR Jackrabbit Server 2.2.0 [ 12324840 ]
          Fix Version/s JCR Jackrabbit Server 2.1.2 [ 12315318 ]
          Felix Meschberger made changes -
          Link This issue is blocked by SLING-2923 [ SLING-2923 ]
          Felix Meschberger made changes -
          Attachment SLING-2944.patch [ 12590793 ]
          Attachment serviceusermapper.tgz [ 12590794 ]
          Felix Meschberger made changes -
          Fix Version/s Service User Mapper 1.0.0 [ 12324674 ]
          Felix Meschberger made changes -
          Field Original Value New Value
          Component/s Service User Mapper [ 12320728 ]
          Felix Meschberger created issue -

            People

            • Assignee:
              Felix Meschberger
              Reporter:
              Felix Meschberger
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development