Hi Experts, We are using AEM 6.4.5 and working on a custom
authentication handler. Eventually the handler will invoke TokenUtil,
something like.TokenUtil.createCredentials(request, response,
this.repository, userId, true);Internally TokenUtil does the
following,repository.loginAdministrative((String)null); Meaning we need
to whitelist the bundle. However, Adobe has recommended that
whitelisting is not a good idea and definitely not advisable for
production instances. I could see this question al...