  1. Sling
  2. SLING-5135

Whitelist legit usages of loginAdministrative and administrative ResourceResolver


Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • JCR Base 2.4.2
    • JCR
    • None

    Description

      AbstractSlingRepositoryManager contains a method that disables loginAdministrative support:

          /**
           * Returns whether to disable the
           * {@code SlingRepository.loginAdministrative} method or not.
           *
           * @return {@code true} if {@code SlingRepository.loginAdministrative} is
           *         disabled.
           */
          public final boolean isDisableLoginAdministrative() 
      

      This is a global configuration. It would be nice to have an extension of this mechanism that contains a whitelist of the (few) legitimate usages of loginAdministrative.

      Attachments

        1. SLING-5135.patch
          32 kB
          Bertrand Delacretaz
        2. SLING-5135.patch
          16 kB
          Bertrand Delacretaz
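
      A sketch of how the global switch and a per-caller whitelist could combine into one default-deny decision. This is an added example, not code from the attached patches or from Sling; the class `LoginAdminGate`, its methods other than `isDisableLoginAdministrative`, and the bundle names are hypothetical. It assumes callers are identified by bundle symbolic name and that the global switch overrides the whitelist.

```java
import java.util.Set;

// Added illustration: hypothetical names, not Sling's API.
public class LoginAdminGate {
    // Global switch, as exposed by isDisableLoginAdministrative() in the issue.
    private final boolean disableLoginAdministrative;
    // Assumption: callers are identified by their bundle symbolic name.
    private final Set<String> whitelistedBundles;

    public LoginAdminGate(boolean disableLoginAdministrative, Set<String> whitelistedBundles) {
        this.disableLoginAdministrative = disableLoginAdministrative;
        this.whitelistedBundles = Set.copyOf(whitelistedBundles); // immutable snapshot
    }

    public boolean isDisableLoginAdministrative() {
        return disableLoginAdministrative;
    }

    // Default deny: the global switch wins, then only exact whitelist matches pass.
    public boolean isAllowed(String callerBundle) {
        if (disableLoginAdministrative) {
            return false;
        }
        return callerBundle != null && whitelistedBundles.contains(callerBundle);
    }

    // Call before handing out an administrative session or ResourceResolver.
    public void checkAllowed(String callerBundle) {
        if (!isAllowed(callerBundle)) {
            // Record the denied caller so stray usages can be found and migrated.
            System.err.println("DENIED loginAdministrative for bundle: " + callerBundle);
            throw new SecurityException("loginAdministrative not allowed for " + callerBundle);
        }
    }

    public static void main(String[] args) {
        // Constructed sample whitelist and callers.
        LoginAdminGate gate = new LoginAdminGate(false, Set.of("com.example.trusted.bundle"));
        gate.checkAllowed("com.example.trusted.bundle"); // passes silently
        try {
            gate.checkAllowed("com.example.other.bundle");
        } catch (SecurityException e) {
            System.out.println("blocked: " + e.getMessage());
        }
        // With the global switch on, even whitelisted callers are refused.
        LoginAdminGate off = new LoginAdminGate(true, Set.of("com.example.trusted.bundle"));
        System.out.println("allowed when disabled: " + off.isAllowed("com.example.trusted.bundle"));
    }
}
```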


          People

            jsedding Julian Sedding
            asanso Antonio Sanso
            Votes: 0
            Watchers: 10
