[jira] [Created] (SLING-5006) Allow to enable the usage of regular JCR users for service resolvers

Tue, 08 Sep 2015 03:42:00 -0700 

Konrad Windszus created SLING-5006:
--------------------------------------

             Summary: Allow to enable the usage of regular JCR users for 
service resolvers
                 Key: SLING-5006
                 URL: https://issues.apache.org/jira/browse/SLING-5006
             Project: Sling
          Issue Type: Improvement
          Components: Service User Mapper
            Reporter: Konrad Windszus


With SLING-3854 a {{ServiceUserValidator}} interface was introduced. Basically 
all OSGi services implementing that interface may decide whether certain users 
can be used as backing user for a call to 
{{ResourceResolverFactory.getServiceResolver(...)}}. The only implementation of 
that in Sling is {{JcrSystemUserValidator}} which only allows to use JCR system 
users.

The list of all those services is bound in the {{ServiceUserMapperImpl}} 
dynamically.
If you for example want to use that service to relax the policy being 
introduced with SLING-3854 (to e.g. allow all users as service users) you may 
register your own service just returning {{true}} for all users in the only 
method {{isValid}}. Unfortunately you don't know when your 
{{ServiceUserValidator}} service is bound (due to the dynamic restart behaviour 
of services). Therefore other services cannot rely on the fact that your own 
{{ServiceUserValidator}} is being available at a certain point in time and 
therefore their call to {{ResourceResolverFactory.getServiceResolver(...)}} may 
fail, if they rely on a non-System JCR user. Therefore this mechanism is not 
suitable to disable the enforcing of JCR system users.

Instead I would propose the following:
# allow to configure the {{ServiceUserMapper}} via an OSGi property named 
{{allowOnlySystemUsers}} which by default should be {{true}}.
# within the method {{ServiceUserMapperImpl.isValidUser}} you either allow all 
users or call {{JcrSystemUserValidator.isValidUser}} (in case 
{{allowOnlySystemUsers}} is  {{true}}).

Only that way it would be possible to reliable enable all users as system users 
which is especially helpful during development of a certain feature (although 
this is probably not a config you would set on a production intance).




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to