I'd like to propose adding a new, non-standard JCR descriptor for ModeShape that will allow clients to use the standard API (and a custom descriptor key) to access the available workspaces without having to establish a JCR session. I'm asking for feedback as to whether or not this is a good idea, and if not then why.
Here is the text of my proposal (from MODE-861):
We previously added a custom JCR repository descriptor so JCR clients can get the name of a repository through the standard API. Getting the names of the workspaces is only possible by connecting (and authenticating) to one of the workspaces. We should add another custom descriptor to get the available workspace names.
One possible issue with doing this is that the workspace names will not take into consideration whether a user will be able to connect. Not sure if this is considered a security violation (because it's not quite the same thing as an authentication challenge responding that the username is correct but the password is not).
A benefit of doing this is that the JOPR plugin can expose the available workspace names for a repository. Without this feature, we either need a public API method, otherwise JOPR (actually the managed objects in 'modeshape-jbossas-service') would need to establish a JCR Session to get the workspace names.
I should make it clear that I don't think adding custom descriptors is at issue. Sections 24.2 and 24.2.7 of the JCR 2.0 specification clearly states that an implementation may introduce additional descriptors.
The question is whether it makes sense to have a custom descriptor that exposes the workspace names.