Uploaded image for project: 'Sling'
  1. Sling
  2. SLING-5006

Allow to enable the usage of regular JCR users for service resolvers




      With SLING-3854 a ServiceUserValidator interface was introduced. Basically all OSGi services implementing that interface may decide whether certain users can be used as backing user for a call to ResourceResolverFactory.getServiceResolver(...). The only implementation of that in Sling is JcrSystemUserValidator which only allows to use JCR system users.

      The list of all those services is bound in the ServiceUserMapperImpl dynamically.
      If you for example want to use that service to relax the policy being introduced with SLING-3854 (to e.g. allow all users as service users) you may register your own service just returning true for all users in the only method isValid. Unfortunately you don't know when your ServiceUserValidator service is bound (due to the dynamic restart behaviour of services). Therefore other services cannot rely on the fact that your own ServiceUserValidator is being available at a certain point in time and therefore their call to ResourceResolverFactory.getServiceResolver(...) may fail, if they rely on a non-System JCR user. Therefore this mechanism is not suitable to disable the enforcing of JCR system users.

      Instead I would propose the following:

      1. allow to configure the JcrSystemUserValidator via an OSGi property named allowOnlySystemUsers which by default should be true.
      2. within the method JcrSystemUserValidator.isValidUser you either allow all users or leave the current logic in place (in case allowOnlySystemUsers is true).

      Only that way it would be possible to reliably allow all users as service users which is especially helpful during development of a certain feature (although this is probably not a config you would set on a production instance).


        1. SLING-5006-serviceusermapper-v01.diff
          2 kB
          Konrad Windszus
        2. SLING-5006-uservalidator-v01.diff
          7 kB
          Konrad Windszus

        Issue Links



              kwin Konrad Windszus
              kwin Konrad Windszus
              0 Vote for this issue
              3 Start watching this issue