One goal of Sling is to be configurationless. With
SLING-6772, the service user mapper module introduces a default for service user mappings. However this does not include registering a ServiceUserMapped service - but, other services in the system have a reference on such services to ensure that a mapping is available.
In addition, currently ServiceUserMapped only ensures that a "mapping" is available, but not the service user itself
This has been recently discussed in the Sling mailing list
We would use the existing service hooks to see if for any given ServiceUserMapped requested we can actually log into all registered resource providers that require authentication and are not lazy. If a login exception occurs, it's not available and we don't register the ServiceUserMapped. Obviously, if a resource provider gets added that requires authentication and is not lazy we need to recheck but this way we at least would neither exposes service users to the world nor, require API changes.