Meaning we need to whitelist the bundle. However, Adobe has recommended that whitelisting is not a good idea and definitely not advisable for production instances. I could see this question already asked for AEM6_3
I am not really certain if I should do the whitelisting or what is the way forward. Kindly advise.
There were always a flaw in the design that was getting Admin session and using and it was also violating the principle of least privileges that is why adobe is recommending not to use admin session and not to whitelist the bundle that is using admin session from SlingRepository.loginAdministrative().
so Solution of this is only to go with Service User approach.