[jira] [Commented] (SLING-5760) Allow to support certificate based authentication in Distribution transport

Mon, 13 Jun 2016 07:45:16 -0700 

    [ 
https://issues.apache.org/jira/browse/SLING-5760?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15327514#comment-15327514
 ] 

Timothee Maret commented on SLING-5760:
---------------------------------------

Thanks [~mpetria] for your comment. You are right, in the current patch, the 
{{DistributionContext}} should be a consumer type. 

{{DistributionContext}} could remain a provider type if turn it into a final 
class in the API package. In addition to that, we could have add a builder 
class for {{DistributionContext}} instance in the API package as well.

Alternatively, we could turn {{DistributionContext}} into a consumer type, but 
then evolving the context API will break consumers. Arguably, this may not 
happen since we pass generic arguments {{<String, Objet>}}.

Any option you feel is best ?

> Allow to support certificate based authentication in Distribution transport
> ---------------------------------------------------------------------------
>
>                 Key: SLING-5760
>                 URL: https://issues.apache.org/jira/browse/SLING-5760
>             Project: Sling
>          Issue Type: Improvement
>          Components: Distribution
>    Affects Versions: Content Distribution Core 0.1.18
>            Reporter: Timothee Maret
>            Assignee: Timothee Maret
>             Fix For: Content Distribution 0.2.0
>
>         Attachments: SLING-5760.patch
>
>
> Certificate based authentication is an alternative to the basic 
> authentication currently available for Distribution transport. Certificate 
> based authentication is done during the SSL handshake iff the target instance 
> is configured to require or accept client client authentication. This client 
> authentication scheme is a logical complement when connecting to endpoints 
> serving over https. This result in authenticating both the source and the 
> target using SSL.
> The client certificate and private key are required to complete the SSL 
> handshake. By default, the JRE will use the default {{KeyStore}} to retrieve 
> those informations. However, in some platforms such as Adobe Granite, there 
> is the ability to specify custom {{KeyStore}} based on user. For those 
> platforms, the custom {{KeyStore}} can be provided with a 
> {{javax.net.ssl.SSLContext}} which also contains a custom {{TrustStore}}.
> This issue tracks allowing to leverage certificate based authentication using 
> a custom {{javax.net.ssl.SSLContext}} in Distribution transport.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to