[ https://issues.apache.org/jira/browse/SLING-9692?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17245759#comment-17245759 ]
Angela Schreiber commented on SLING-9692: ----------------------------------------- h4. interaction with service-user-mapping one more thing i would like to point to one additional point related to service-user-mapping conversion: principal-based authorization can only be safely enforced if service-user-mapping use the recommended mapping format with [] aggregating one or multiple serviceuser principal names (see [https://sling.apache.org/documentation/the-sling-engine/service-authentication.html#configuration).] i don't know if the converter keeps track of the mappings but that needs be taken into consideration when attempting to enforce it. if the mapping(s) for a given service user include the old mapping format, the converter should either not enforce it (and log an error) or abort the conversion. the 3rd option 'converting the mapping as well' seems too risky as the code might rely on permissions inherited through group-membership, which no longer is resolved with the aggregated service-principal mapping. > Add support for principal-based access control entries > ------------------------------------------------------ > > Key: SLING-9692 > URL: https://issues.apache.org/jira/browse/SLING-9692 > Project: Sling > Issue Type: Improvement > Components: Content-Package to Feature Model Converter > Reporter: Robert Munteanu > Priority: Major > Fix For: Content-Package to Feature Model Converter 1.0.26 > > Attachments: SLING-9692.patch > > > When passed a content package that contains principal-based access control > entries, the converter ignores them. It should instead generate the proper > repoinit statements. -- This message was sent by Atlassian Jira (v8.3.4#803005)