[
https://issues.apache.org/jira/browse/SLING-12300?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17839397#comment-17839397
]
Paul Bjorkstrand commented on SLING-12300:
------------------------------------------
To clarify my position:
I am not against having a mechanism to access them via identifier. My argument
is mostly around the 'magic" path of {{/jcr:id/*}}. To me, I feel using a new
method (as mentioned above) to perform this function. If you are creating an
application that works outside the typical Sling hierarchical retrieve, it
should probably be a new primitive in Sling, and not comingled with the
existing {{getResource()}}.
An argument for this functionality might be: Sling already have vanity paths
that muddy this concept, so what is the concern for another?
About the security argument, I think it is fair to say that we all know that
"security by obscurity" is no security at all. Just because there is some means
to access nodes by some ID that has a smaller universe of unique identifiers
compared to the path does not change any of the security
characteristics...unless you are using obscurity as your security mechanism.
As Radu stated, the security checks performed are still the same ones that
would be performed on the target node/resource, so there is no real security
weakening here.
While I still think that adding the magic path is still a possible source of
confusion, I am not so against it after some deeper thinking on it. I still
believe that a new method would be better, but it seems reasonable, especially
when compared side-by-side with vanities.
Would creating a new resource provider actually duplicate a lot? Or would you
be able to build this as an additional provider in the same bundle as the JCR
Resource Provider, and use the same functionality directly?
> Provide a way to retrieve a JCR backed resource by its node identifier
> ----------------------------------------------------------------------
>
> Key: SLING-12300
> URL: https://issues.apache.org/jira/browse/SLING-12300
> Project: Sling
> Issue Type: New Feature
> Components: JCR
> Reporter: Radu Cotescu
> Assignee: Radu Cotescu
> Priority: Major
> Fix For: JCR Resource 3.3.0
>
>
> Since all {{javax.jcr.Nodes}} have an identifier [0], a useful feature would
> be {{Resource}} retrieval by node id, which could be its {{jcr:uuid}}
> property for referenceable nodes or the path. In systems that would like to
> use UUID addressing, this would reduce the need for executing JCR queries for
> resource retrieval and would avoid double-reads via the JCR and then Sling
> API to obtain the resource.
> In order to provide a unified behaviour, paths starting with the {{/jcr:id/}}
> prefix should use the resource retrieval by node identifier.
> [0] -
> https://javadoc.io/static/javax.jcr/jcr/2.0/javax/jcr/Node.html#getIdentifier()
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
