[
https://issues.apache.org/jira/browse/SLING-7930?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Karl Pauls resolved SLING-7930.
-------------------------------
Resolution: Fixed
Basically, I think this issues comes down to two things namely,
only provide ServiceUserMapped services for mappings where the service user is
valid
provide ServiceUserMapped service(s) for the default user (if any).
In regard to 1) it turns out, we already have verification around - we just
didn't use it for the mappings. Consequently, I just piggyback on the existing
verification and only make services available that have a valid service user
(i.e., filter out all that don't). That should work ok for the case where we
don't have jcr around as in that case there is no verifier (and hence, all
service users are valid) - unless somebody provides a different one (i.e., it
is up to the resource providers to provide verifiers).
In regard to 2) I publish a default ServiceUserMapped in case default user is
enabled (or provided). I then turn around in the hooks and make sure it is a
valid one (its a little more complicated in there because we don't want to
check for them unless we have to as that generated warnings).
Done in
https://github.com/apache/sling-org-apache-sling-serviceusermapper/pull/1
> Provide default ServiceUserMapped services
> ------------------------------------------
>
> Key: SLING-7930
> URL: https://issues.apache.org/jira/browse/SLING-7930
> Project: Sling
> Issue Type: Improvement
> Components: Service User Mapper
> Reporter: Carsten Ziegeler
> Assignee: Karl Pauls
> Priority: Major
> Fix For: Service User Mapper 1.4.4
>
>
> One goal of Sling is to be configurationless. With SLING-6772, the service
> user mapper module introduces a default for service user mappings. However
> this does not include registering a ServiceUserMapped service - but, other
> services in the system have a reference on such services to ensure that a
> mapping is available.
> In addition, currently ServiceUserMapped only ensures that a "mapping" is
> available, but not the service user itself
> This has been recently discussed in the Sling mailing list
> [https://lists.apache.org/thread.html/b7a00588cd6c44078d38572b38002965916c9f18dedd9a64380428ad@%3Cdev.sling.apache.org%3E]
>
> We would use the existing service hooks to see if for any given
> ServiceUserMapped requested we can actually log into all registered resource
> providers that require authentication and are not lazy. If a login exception
> occurs, it's not available and we don't register the ServiceUserMapped.
> Obviously, if a resource provider gets added that requires authentication and
> is not lazy we need to recheck but this way we at least would neither exposes
> service users to the world nor, require API changes.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
