Child pages
  • Sling 10 Release Notes

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Service user privilege declaration based on principal names

TODO - link to docs

Service users may now be declared as having a list of principal names which exhaustively map the privileges they contain. This style of declaration is preferred since it reduces redundancy and adds clarity to the privileges used by a certain service user. Pre-authentication can also lead to performance improvements.

The OSGi configuration differs from the standard model by using an array to hold the principal names, as opposed to a single value. An example can be seen below

Code Block
  org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended-resourceresolver
    user.mapping=[
      "org.apache.sling.resourceresolver:mapping\=[repository-reader-service]"
    ]

See the Oak documentation on pre-authentication for more details.

Enhancements to the repoinit language

...