Service user privilege declaration based on principal names
TODO - link to docs
Service users may now be declared as having a list of principal names which exhaustively map the privileges they contain. This style of declaration is preferred since it reduces redundancy and adds clarity to the privileges used by a certain service user. Pre-authentication can also lead to performance improvements.
The OSGi configuration differs from the standard model by using an array to hold the principal names, as opposed to a single value. An example can be seen below
org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended-resourceresolver user.mapping=[ "org.apache.sling.resourceresolver:mapping\=[repository-reader-service]" ]
See the Oak documentation on pre-authentication for more details.
Enhancements to the repoinit language