Jörg Hoh created SLING-7613: ------------------------------- Summary: Remove deprecation of SlingRepository.loginAdministrative() Key: SLING-7613 URL: https://issues.apache.org/jira/browse/SLING-7613 Project: Sling Issue Type: New Feature Components: ResourceResolver Affects Versions: Resource Resolver 1.5.36 Reporter: Jörg Hoh
There was a discussion on the Sling user list [1] about usecases which can only be solved using the deprecated loginAdministrative() call. In the context of Sling and Oak there are indeed a few cases which can be solved best with a true admin session: * locking and unlocking nodes which have been locked by a different user. * at deployments resources/nodes are deployed at many locations inside the repo, so you can either use an admin session or a system-user with an equivalent set of permissions. * the discussions leaves it open if the impersonation feature internally relies on an admin session or can be achieved without it. System users should be the preferred, but I would like to have an offical and non-deprecated way to get an admin session in the API. It's ok if I need to configure the explicit whitelisting as it is in place right now. But it should be there. Plus there should be proper documentation when to use which approach. [1] http://apache-sling.73963.n3.nabble.com/Deprecation-of-SlingRepository-loginAdministrative-td4081024.html -- This message was sent by Atlassian JIRA (v7.6.3#76005)