Hi,
On 9 October 2013 16:21, Felix Meschberger <[email protected]> wrote:
> Hi
>
> Am 08.10.2013 um 10:40 schrieb Ian Boston:
>
>> Hi,
>> The whitelist configuration in this servlet is causing some problems
>> where the contents of the whitelist is potentially large and changing,
>> since it requires constant re-configuration.
>
> What is the problem with that ?
When the whitelist in the central discovery endpoint depends on the
topology itself, it causes production deployment problems, especially
when the configuration of the end point and the management of the
topology of the production deployment are managed by different roles
within the organisation. This is typical of many organisations.
Engineers don't manage operations and TechOps don't manage
engineering. Normally configuration would be managed by TechOps but
with Sling that doesn't appear to be the case. Consequently the 2 get
out of sync, and if you are using Sling Discovery to transport
metadata about your topology, lots of things start to break when nodes
are not in the whitelist.
In our special case we have 1 central discovery end point, if we had
n, the problem would multiply by n.
>
> And why would a service API help mitigate that issue ?
It would give those that are able to see the deployment infrastructure
that they are dealing with, the opportunity to address this issue.
> Considering that service would have to be reconfigured, too, and your code
> sample belows uses a static reference ?
AFAIK it uses an optional reference, satisfied by a implementation
outside Sling. The snippet was written from memory directly into the
email to communicate what I was trying to discuss. Its is not real
code.
>
> Also, noted in another thread, this would require export of the API from the
> impl bundle, which I am not very happy with...
>
> Finally -- and this is purely subjective -- I am not very happy with the name
> WhiteListProvider and then WhiteListProvider.isWhiteListed... Also would
> there be other needs for hooking into this servlet ?
>
I have been working on an implementation most of the day that is
nothing like what was first discussed, I will commit in a moment. Much
better to share real code with unit test coverage.
Best Regards
Ian
> Regards
> Felix
>
>
>
>>
>> Would it be possible to have a API service that is consulted if
>> present to check if the request is allowed. For those that want to use
>> the service they would configure the whitelist to reject everything
>> while the service was not present so avoid startup issues.
>>
>> eg
>>
>> + @Reference(cardinality=ReferenceCardinality.OPTIONAL_UNARY)
>> + private WhiteListProvider whiteListProvider;
>>
>> /** Checks if the provided request's remote server is whitelisted **/
>>
>> private boolean isWhitelisted(final SlingHttpServletRequest request) {
>> + if (whiteListProvider != null) {
>> + whiteListProvider.isWhitelisted(request);
>> + }
>> if (whitelist.contains(request.getRemoteAddr())) {
>>
>> return true;
>>
>> } else if (whitelist.contains(request.getRemoteHost())) {
>>
>> return true;
>>
>> }
>>
>> logger.info("isWhitelisted: rejecting " + request.getRemoteAddr()
>>
>> + ", " + request.getRemoteHost());
>>
>> return false;
>>
>> }
>>
>>
>> and in the API, presumably discovery api.
>>
>> public interface WhiteListProvider {
>>
>> private boolean isWhitelisted(HttpServletRequest request);
>>
>> }
>>
>>
>> Best Regards
>> Ian
>
