[ https://issues.apache.org/jira/browse/JCR-3534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13608930#comment-13608930 ]

Marcel Reutegger commented on JCR-3534:
---------------------------------------

Here's what Angela and I briefly discussed yesterday, which has similarities to 
what Thomas proposed. Please consider this as taking notes of the discussion, 
rather than a full-fledged proposal.

Repository instances connected to a shared data store trust each other by means 
of a shared secret or some other mechanism to verify 'messages' from the 
other instance. A client of the JCR API can get a content identifier from a 
binary property stored in the data store via 
JackrabbitValue.getContentIdentity(). The returned value is an encrypted 
message, which contains the current userId and the hash of the data store item. 
This value can then be sent to the other repository and a JCR Value will be 
created from this message. We were not sure how exactly that would work. One 
option we discussed was a custom JCR Binary class recognized by the repository 
implementation. The created binary can then be used to set a property. The 
implementation will then decrypt and verify the message and extract the userId 
and the hash. If the userId does not match the current user, then the 
repository will throw an exception. If the userId matches and an item with the 
given hash already exists, the implementation will set the property to the 
given value. Otherwise the call to setProperty() behaves as if it was passed a 
null value, which is equivalent to removing the value. This allows a client to 
check whether the binary is already on the target system.

The benefit of this mechanism is that you cannot generate content identifiers 
on a system and then use them to attack another one. Rather the content 
identifier depends on something like a salt or shared secret, as proposed by 
Thomas. The system further guarantees a user is only able to see data store 
items on the target system he had access to on the source system.

Comments welcome.
                
> Add JackrabbitSession.getValueByContentId method
> ------------------------------------------------
>
>                 Key: JCR-3534
>                 URL: https://issues.apache.org/jira/browse/JCR-3534
>             Project: Jackrabbit Content Repository
>          Issue Type: New Feature
>          Components: jackrabbit-api, jackrabbit-core
>    Affects Versions: 2.6
>            Reporter: Felix Meschberger
>         Attachments: JCR-3534.patch
>
>
> we have a couple of use cases, where we would like to leverage the global 
> data store to prevent sending around and copying around large binary data 
> unnecessarily: We have two separate Jackrabbit instances configured to use 
> the same DataStore (for the sake of this discussion assume we have the 
> problems of concurrent access and garbage collection under control). When 
> sending content from one instance to the other instance we don't want to send 
> potentially large binary data (e.g. video files) if not needed.
> The idea is for the sender to just send the content identity from 
> JackrabbitValue.getContentIdentity(). The receiver would then check whether 
> such content already exists and would reuse it if so:
> String ci = contentIdentity_from_sender;
> try {
>     Value v = session.getValueByContentIdentity(ci);
>     Property p = targetNode.setProperty(propName, v);
> } catch (ItemNotFoundException ie) {
>     // unknown or invalid content Identity
> } catch (RepositoryException re) {
>     // some other exception
> }
> Thus the proposed JackrabbitSession.getValueByContentIdentity(String) method 
> would allow for round tripping the JackrabbitValue.getContentIdentity() 
> preventing superfluous binary data copying and moving. 
> See also the dev@ thread 
> http://jackrabbit.markmail.org/thread/gedk5jsrp6offkhi

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
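
The user-bound content identifier discussed in the comment above, as an added example that is not Jackrabbit code and not part of the original message. It assumes AES-GCM under the shared key as the "encrypted message" (the thread names no cipher); `ContentIdToken`, `seal`, `open` and the `Set` standing in for the data store are hypothetical.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Set;

/** Hypothetical sketch: a content identifier bound to a userId and a data store hash. */
public class ContentIdToken {
    private static final SecureRandom RNG = new SecureRandom();

    /** Source instance: seal "userId\ncontentHash" under the shared key with a random 96-bit nonce. */
    static String seal(SecretKey key, String userId, String contentHash) throws GeneralSecurityException {
        if (userId.indexOf('\n') >= 0) throw new IllegalArgumentException("newline in userId");
        byte[] iv = new byte[12];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal((userId + "\n" + contentHash).getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array());
    }

    /** Target instance: the hash if the item exists, null if absent; throws on forgery or user mismatch. */
    static String open(SecretKey key, String token, String currentUser, Set<String> dataStore)
            throws GeneralSecurityException {
        byte[] raw = Base64.getUrlDecoder().decode(token);
        if (raw.length < 12 + 16) throw new GeneralSecurityException("token too short");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, raw, 0, 12));
        // doFinal throws AEADBadTagException when the token was not sealed with the shared key
        String[] parts = new String(c.doFinal(raw, 12, raw.length - 12), StandardCharsets.UTF_8).split("\n", 2);
        if (parts.length != 2 || !parts[0].equals(currentUser)) throw new SecurityException("token issued to another user");
        return dataStore.contains(parts[1]) ? parts[1] : null;
    }

    public static void main(String[] args) throws Exception {
        SecretKey shared = new SecretKeySpec(new byte[32], "AES"); // constructed all-zero demo key
        Set<String> store = Set.of("sha1-aaaa");                   // constructed data store contents
        String t = seal(shared, "alice", "sha1-aaaa");
        System.out.println(open(shared, t, "alice", store));                                   // same user, item present
        System.out.println(open(shared, seal(shared, "alice", "sha1-bbbb"), "alice", store)); // same user, item absent
        try { open(shared, t, "bob", store); } catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```

Because the hash travels only inside the authenticated ciphertext, a caller who knows or guesses a content hash cannot mint a valid identifier without the shared key, and a token replayed under a different session user is rejected before the data store is consulted.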
