[jira] [Commented] (SLING-9622) Avoid registration of auth requirements for aliases and vanity paths

Thu, 20 Aug 2020 08:14:19 -0700 


    [ 
https://issues.apache.org/jira/browse/SLING-9622?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17181254#comment-17181254
 ] 

Angela Schreiber commented on SLING-9622:
-----------------------------------------

[~rombert], i will need to look into the 
{{SlingAuthenticator.getHandlerSelectionPath}}....

regarding vanity-path lookup: i concluded the same after spending some time 
with the {{MapEntries}} entries. maybe i got confused, but somehow i still feel 
that i don't yet fully understand all the subtleties of the 
{{ResourceResolver.resolve}} mechanism and how that works in combination with 
the vanity paths (where i have to admit that i am no longer sure what exactly 
the valid formats are) and if my initial tests in AEM did really captured the 
full picture.

maybe things are less complex... but today i got a bit lost in the 
resource-resolver code ;) i will give it another try tomorrow. without a better 
understanding though i would not feel comfortable reviewing a patch you 
probably will come up with earlier than me.


> Avoid registration of auth requirements for aliases and vanity paths
> --------------------------------------------------------------------
>
>                 Key: SLING-9622
>                 URL: https://issues.apache.org/jira/browse/SLING-9622
>             Project: Sling
>          Issue Type: Improvement
>          Components: Authentication
>            Reporter: Carsten Ziegeler
>            Assignee: Carsten Ziegeler
>            Priority: Major
>             Fix For: Auth Core 1.5.0
>
>          Time Spent: 1.5h
>  Remaining Estimate: 0h
>
> Right now when auth requirements are registered, they need to be registered 
> for the resource path, as well as all vanity paths and potentially all 
> combinations of aliases for that path. First of all, this creates potentially 
> a lot of auth requirements for a single path, but as well requires that the 
> registrar of the auth requirement to be aware of vanity paths and aliases and 
> do the right thing and update the auth requirements whenever there are 
> changes.
> We should avoid these additional registrations and processing.
> The SlingAuthenticator is currently checking the request path against the 
> auth requirements. We could change this with checking the resolved path. So 
> the authenticator could use a service user resolver and resolve the path and 
> then check the auth requirements.
> This avoids all the extra work for the registrar of the auth requirements, 
> but comes with the additional cost of a resolve call per request



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to