Hi all,
I would appreciate your valuable input on this. As mentioned in https://stackoverflow.com/a/45232236, I believe that there is no harm in using a `resourceResolver` from the request in a servlet. However, I personally lean towards using the `ResourceResolver` from the service user rather than the request object as I believe it is more secure in the way we have control over the ACLs for service user.
With that being said, what is the best practice ? In which scenarios should we prefer the `ResourceResolver` from the service user over the `ResourceResolver` from the request? What are the best practices and what are the pros and cons?
Thank you.
Veena
Solved! Go to Solution.
Views
Replies
Total Likes
The choice between using a ResourceResolver from the request or the service user depends on the specific requirements and security considerations of your application. Both approaches have their own pros and cons:
Using ResourceResolver from the request:
Using ResourceResolver from the service user:
Best practices:
It depends, if the servlet requires a resource resolver with more rights than the end user rights, then the resource resolver must be used from the service. But in most cases user has only read access to content area, so if servlet requires only read access then use resource resolver from request.
Using resource resolver from request will automatically close resource resolver, you don't have to do it explicitly unlike service-based resource resolver.
Thanks @arunpatidar . Makes sense .
The choice between using a ResourceResolver from the request or the service user depends on the specific requirements and security considerations of your application. Both approaches have their own pros and cons:
Using ResourceResolver from the request:
Using ResourceResolver from the service user:
Best practices:
Thanks @aanchal-sikka for the detailed explanation
great explanation!!
Thankyou so much for detailed Explanation ,now i 'm getting clarity