Carsten Ziegeler created SLING-9622:
---------------------------------------
Summary: Avoid registration of auth requirements for aliases and
vanity paths
Key: SLING-9622
URL: https://issues.apache.org/jira/browse/SLING-9622
Project: Sling
Issue Type: Improvement
Components: Authentication
Reporter: Carsten Ziegeler
Right now when auth requirements are registered, they need to be registered for
the resource path, as well as all vanity paths and potentially all combinations
of aliases for that path. First of all, this creates potentially a lot of auth
requirements for a single path, but as well requires that the registrar of the
auth requirement to be aware of vanity paths and aliases and do the right thing
and update the auth requirements whenever there are changes.
We should avoid these additional registrations and processing.
The SlingAuthenticator is currently checking the request path against the auth
requirements. We could change this with checking the resolved path. So the
authenticator could use a service user resolver and resolve the path and then
check the auth requirements.
This avoids all the extra work for the registrar of the auth requirements, but
comes with the additional cost of a resolve call per request
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
