Hi Am 08.10.2013 um 10:40 schrieb Ian Boston:
> Hi,
> The whitelist configuration in this servlet is causing some problems
> where the contents of the whitelist is potentially large and changing,
> since it requires constant re-configuration.
What is the problem with that ?
And why would a service API help mitigate that issue ? Considering that service
would have to be reconfigured, too, and your code sample belows uses a static
reference ?
Also, noted in another thread, this would require export of the API from the
impl bundle, which I am not very happy with...
Finally -- and this is purely subjective -- I am not very happy with the name
WhiteListProvider and then WhiteListProvider.isWhiteListed... Also would there
be other needs for hooking into this servlet ?
Regards
Felix
>
> Would it be possible to have a API service that is consulted if
> present to check if the request is allowed. For those that want to use
> the service they would configure the whitelist to reject everything
> while the service was not present so avoid startup issues.
>
> eg
>
> + @Reference(cardinality=ReferenceCardinality.OPTIONAL_UNARY)
> + private WhiteListProvider whiteListProvider;
>
> /** Checks if the provided request's remote server is whitelisted **/
>
> private boolean isWhitelisted(final SlingHttpServletRequest request) {
> + if (whiteListProvider != null) {
> + whiteListProvider.isWhitelisted(request);
> + }
> if (whitelist.contains(request.getRemoteAddr())) {
>
> return true;
>
> } else if (whitelist.contains(request.getRemoteHost())) {
>
> return true;
>
> }
>
> logger.info("isWhitelisted: rejecting " + request.getRemoteAddr()
>
> + ", " + request.getRemoteHost());
>
> return false;
>
> }
>
>
> and in the API, presumably discovery api.
>
> public interface WhiteListProvider {
>
> private boolean isWhitelisted(HttpServletRequest request);
>
> }
>
>
> Best Regards
> Ian
smime.p7s
Description: S/MIME cryptographic signature
