[
https://issues.apache.org/jira/browse/SLING-5792?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15420668#comment-15420668
]
Carsten Ziegeler commented on SLING-5792:
-----------------------------------------
[~anchela] Just FYI, I've created SLING-5960 to clarify the javadoc for
AUTH_REQUIREMENTS - but that's independent of this discussion.
I've thought about this a little bit, and while I think that we could get away
without creating a new interface, it might be more efficient to do so:
Now, a component registering a service with an AUTH_REQUIREMENTS property does
not need to keep the whole list of paths in memory - the full information is in
the service registration property AUTH_REQUIREMENTS as a String[]. Therefore if
a new path is add, you can get the String[], add the new value - if a path is
removed, you get the String[], remove the path from the array, and if it is
changed, you do add/remove (or something more efficient). So it is possible and
does not require the client component to keep a copy of the auth requirements
in memory. However, the SlingAuthenticator keeps the whole list in memory and
this duplicates the info from the service registration. Which means we still
have two copies. Although the copy in the service registry should not consume
that much memory, it's just a String[] - the values are shared by this String[]
and the internal structure of SlingAuthenticator.
But doing so, has two problems - one is the memory consumption (which should
not be that problematic) but the other one is that if this list is large, the
Sling Authenticator will reprocess the full array even if only a single value
has been changed. Therefore I agree we should use a different mechanism.
I'll have a look at what the best option could be
> API to manage Authentication Requirement
> ----------------------------------------
>
> Key: SLING-5792
> URL: https://issues.apache.org/jira/browse/SLING-5792
> Project: Sling
> Issue Type: Sub-task
> Components: Authentication
> Reporter: angela
>
> Apart from the constant {{AuthConstants.AUTH_REQUIREMENTS}} there is no
> public API available that allowed applications to change the list of
> authentication requirement entries.
> Instead, applications need to know and rely on implementation details, which
> not only includes registering services with the
> {{AuthConstants.AUTH_REQUIREMENTS}} property included but also know about the
> required format of the property, which from my point of view should be and
> remain an implementation detail of
> {{org.apache.sling.auth.core.impl.SlingAuthenticator}}, which IMO should not
> be considered public API.
> To me it would feel more natural if there existed a
> {{AuthenticationRequirement}} interface defining methods to
> extend/update/clear the auth-requirements bound to a particular service
> reference and having {{org.apache.sling.auth.core.impl.SlingAuthenticator}}
> implementing that interface.
> Doing so, might also be beneficial from a performance/scalability POV but I
> would like to cover that in a separate sub-task.
> Proposal for this sub-tasks will follow as I am moving forward.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
