[ https://issues.apache.org/jira/browse/SLING-3179?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13868599#comment-13868599 ]
Alexander Klimetschek edited comment on SLING-3179 at 1/11/14 2:15 AM: ----------------------------------------------------------------------- I don't see how this is adding security other than reintroducing the TrustedInfo again, just with different and more complex code. Why the Subject doAs part: the code already does an "evil" repository.loginAdministrative() - then it would be much simpler to do impersonation on the session rather than the complex doAs() logic, which really exposes internal JCR/repository user logic, i.e. how principals are set up, including group membership, while on the JCR layer a user is simply identified by a string id. was (Author: alexander.klimetschek): I don't see how this is adding security other than reintroducing the TrustedInfo again, just with different and more complex code. Why the Subject doAs part: it already does an "evil" repository.loginAdministrative() - then it would be much simpler to do impersonation on the session rather than the complex doAs() logic, which really exposes internal JCR/repository user logic, i.e. how principals are set up, including group membership, while on the JCR layer a user is simply identified by a string id. > Implement solution to the Authentication Handler Credential Validation Problem > ------------------------------------------------------------------------------ > > Key: SLING-3179 > URL: https://issues.apache.org/jira/browse/SLING-3179 > Project: Sling > Issue Type: Bug > Components: API, JCR, ResourceResolver > Affects Versions: JCR Base 2.1.2, API 2.4.2, Resource Resolver 1.0.6 > Reporter: Felix Meschberger > Assignee: Antonio Sanso > Attachments: SLING-3179.diff, SLING-3179.patch > > > The proposal [Solving the Authentication Handler Credential Validation > Problem|https://cwiki.apache.org/confluence/display/SLING/Solving+the+Authentication+Handler+Credential+Validation+Problem] > should be implemented. -- This message was sent by Atlassian JIRA (v6.1.5#6160)