Hi, I have to work on an update for the XSS Bundle and noticed that the adapter factory is still around. Is it ok if I revert the change from [2] as well?
Thanks, Radu [2] - https://issues.apache.org/jira/browse/SLING-9874 > On 9 Nov 2020, at 17:02, Bertrand Delacretaz <[email protected]> wrote: > > Hi, > > On Mon, Nov 9, 2020 at 1:31 PM Julian Sedding <[email protected]> wrote: >> ...In SLING-9874 I added an adapter factory to the XSS Protection API >> module, which can adapt a SlingHttpServletRequest or a >> ResourceResolver to an XSSAPI... > > Although we've been doing such things in the past I don't think it's a > good idea, as it's adapting a Request to <something different which is > not a request>. > > IOW I think adaptation should, in general, only be used to convert > between "different views of the same thing" which is not the case > here. Converting a Sling Resource to a JCR Node for example is clearly > "different views of the same thing", so ok from that perspective. > > I have the impression that there's an implicit consensus among several > of us about this but we might want to document it better. Sorry that > this lack of clarity is causing extra work for you. > >> ...Now, according to comments in SLING-9874 it seems that Konrad and Radu >> are opposed to this adapter factory... > > Given the above comments I also prefer that you omit that adapter > factory. I suppose the XSSAPI is an OSGi service, if that's the case > there are other, better, less "magic" ways to acquire it. > > -Bertrand
