[
https://issues.apache.org/jira/browse/SLING-6165?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15604661#comment-15604661
]
Oliver Lietz commented on SLING-6165:
-------------------------------------
{quote}
Bonus points for removing bundles from our default login admin whitelist \[1\]
if this new service allows that.
Currently both o.a.s.scripting.core and o.a.s.scripting.sightly are whitelisted
by default.
{quote}
[~bdelacretaz], [~cziegeler], exposing a service with access to the repository
for *all* without any checks contradicts the service user mapping and system
user concept.
IMHO this is rather not a bonus and I prefer having a check if the service user
of the using bundle matches the service user of the exposing bundle (Scripting
Core in this case).
> Expose a service for Sling Scripting that provides request-scoped Resource
> Resolvers for scripting dependencies
> ---------------------------------------------------------------------------------------------------------------
>
> Key: SLING-6165
> URL: https://issues.apache.org/jira/browse/SLING-6165
> Project: Sling
> Issue Type: New Feature
> Components: Scripting
> Reporter: Radu Cotescu
> Assignee: Radu Cotescu
> Fix For: Scripting Core 2.0.42, Scripting API 2.1.10
>
>
> A new Sling Scripting service ({{ScriptingResourceResolverFactory}}) should
> be implemented in order to provide access to request-based
> {{ResourceResolvers}} for solving script dependencies.
> The following two methods should be available:
> {noformat}
> /**
> * Provides a request-scoped {@link ResourceResolver} with only read access
> to the search paths. This resolver should be used for script
> * resolution in the context of the same request rendering process. The
> {@code ResourceResolver} should not be closed by consumers (calling
> * {@link ResourceResolver#close} doesn't do anything), since this service
> will handle the closing operation automatically. The
> * {@code ResourceResolver} will be shared between scripting dependencies
> that render parts of the response for the same request.
> */
> ResourceResolver getRequestScopedResourceResolver()
> /**
> * Provides a {@link ResourceResolver} with only read access to the search
> paths. Once you're done processing {@link Resource}s with this
> * {@code ResourceResolver} make sure to close it.
> */
> ResourceResolver getResourceResolver()
> {noformat}
> [sling-dev email
> thread|https://lists.apache.org/thread.html/db2a78249baf2d6234a4549a5aff8b5474256add9829f86ac78d1c56@%3Cdev.sling.apache.org%3E]
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
