[jira] [Commented] (SLING-5274) Include authentication in RequestProgressTracker
[ https://issues.apache.org/jira/browse/SLING-5274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15145701#comment-15145701 ] Alexander Klimetschek commented on SLING-5274: -- Thanks Bertrand for SLING-5489, it's a good start. For the record, here are the other features in my patch that aren't covered and that might be useful: * include requests with authentication failures in the request history console ** done using RequestHistoryConsolePlugin.recordRequest(request) at the end of handleSecurity() when it returns false; also required some changes in RequestHistoryConsolePlugin to not rely on SlingHttpServletRequest and getPathInfo(), plus appropriate logging in handleSecurity() * more detailed logging inside SlingAuthenticator for the individual authentication steps AFAICS, these changes shouldn't depend on the switch to the OSGi http whiteboard implementation, but I don't know for sure. > Include authentication in RequestProgressTracker > > > Key: SLING-5274 > URL: https://issues.apache.org/jira/browse/SLING-5274 > Project: Sling > Issue Type: Improvement > Components: Engine >Reporter: Alexander Klimetschek > Attachments: SLING-5274-bertrand.patch, SLING-5274.patch > > > The request progress tracker only starts with the sling filters, after the > sling authentication ran through. Since authentication steps can be complex > with multiple handlers (just like filters) and can have a major performance > impact (custom auth handlers, slow resource resolver login) it would be very > useful to include it with detailed information. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (SLING-5274) Include authentication in RequestProgressTracker
[ https://issues.apache.org/jira/browse/SLING-5274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15134268#comment-15134268 ] Bertrand Delacretaz commented on SLING-5274: Ok, I have implemented the earlier creation of {{SlingRequestProgressTracker}} in SLING-5489. This should allow for simplifying Alex's original patch submitted here - I'm not planning to work on this myself though, due to EFULLPLATE. > Include authentication in RequestProgressTracker > > > Key: SLING-5274 > URL: https://issues.apache.org/jira/browse/SLING-5274 > Project: Sling > Issue Type: Improvement > Components: Engine >Reporter: Alexander Klimetschek > Attachments: SLING-5274-bertrand.patch, SLING-5274.patch > > > The request progress tracker only starts with the sling filters, after the > sling authentication ran through. Since authentication steps can be complex > with multiple handlers (just like filters) and can have a major performance > impact (custom auth handlers, slow resource resolver login) it would be very > useful to include it with detailed information. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (SLING-5274) Include authentication in RequestProgressTracker
[ https://issues.apache.org/jira/browse/SLING-5274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15134201#comment-15134201 ] Carsten Ziegeler commented on SLING-5274: - I'm not sure if it will be completely obsolete. I guess we could also apply it, and change afterwards. As long as we don't promote the request attribute for the tracker as API > Include authentication in RequestProgressTracker > > > Key: SLING-5274 > URL: https://issues.apache.org/jira/browse/SLING-5274 > Project: Sling > Issue Type: Improvement > Components: Engine >Reporter: Alexander Klimetschek > Attachments: SLING-5274-bertrand.patch, SLING-5274.patch > > > The request progress tracker only starts with the sling filters, after the > sling authentication ran through. Since authentication steps can be complex > with multiple handlers (just like filters) and can have a major performance > impact (custom auth handlers, slow resource resolver login) it would be very > useful to include it with detailed information. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (SLING-5274) Include authentication in RequestProgressTracker
[ https://issues.apache.org/jira/browse/SLING-5274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15134166#comment-15134166 ] Carsten Ziegeler commented on SLING-5274: - HttpContext#handleSecurity is the first thing that is called, then filters, then the servlet Right now we're using propriatary stuff from the Apache Felix implementation for the context support. Therefore we should switch to the OSGi Http Whiteboard implementation. If we do so, some things look a little bit different. So I would do that migration first, and then we can revisit this issue and do it right - whatever right than means > Include authentication in RequestProgressTracker > > > Key: SLING-5274 > URL: https://issues.apache.org/jira/browse/SLING-5274 > Project: Sling > Issue Type: Improvement > Components: Engine >Reporter: Alexander Klimetschek > Attachments: SLING-5274.patch > > > The request progress tracker only starts with the sling filters, after the > sling authentication ran through. Since authentication steps can be complex > with multiple handlers (just like filters) and can have a major performance > impact (custom auth handlers, slow resource resolver login) it would be very > useful to include it with detailed information. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (SLING-5274) Include authentication in RequestProgressTracker
[ https://issues.apache.org/jira/browse/SLING-5274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15134136#comment-15134136 ] Bertrand Delacretaz commented on SLING-5274: I like the idea, had a quick look at the patch yesterday and it touches a lot of things indeed. If we can find a cleaner/simpler way of doing the same thing that would be better. IIUC we want the RequestProgressTracker to be available early in the request processing phase, maybe a non-Sling Filter is a good place to create it, and it can be enhanced as the request progresses, with the Sling-specific objects. > Include authentication in RequestProgressTracker > > > Key: SLING-5274 > URL: https://issues.apache.org/jira/browse/SLING-5274 > Project: Sling > Issue Type: Improvement > Components: Engine >Reporter: Alexander Klimetschek > Attachments: SLING-5274.patch > > > The request progress tracker only starts with the sling filters, after the > sling authentication ran through. Since authentication steps can be complex > with multiple handlers (just like filters) and can have a major performance > impact (custom auth handlers, slow resource resolver login) it would be very > useful to include it with detailed information. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (SLING-5274) Include authentication in RequestProgressTracker
[ https://issues.apache.org/jira/browse/SLING-5274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15134105#comment-15134105 ] Carsten Ziegeler commented on SLING-5274: - I think in general this makes totally sense - but I'm not sure if the current approach is the best, especially if we think about moving to the http whiteboard implementation (which we should do soon) Context#handleSecurity is called "before" Sling, that's why this patch does this rather ugly passing around of the request progress tracker. I think we should try to think about a cleaner solution > Include authentication in RequestProgressTracker > > > Key: SLING-5274 > URL: https://issues.apache.org/jira/browse/SLING-5274 > Project: Sling > Issue Type: Improvement > Components: Engine >Reporter: Alexander Klimetschek > Attachments: SLING-5274.patch > > > The request progress tracker only starts with the sling filters, after the > sling authentication ran through. Since authentication steps can be complex > with multiple handlers (just like filters) and can have a major performance > impact (custom auth handlers, slow resource resolver login) it would be very > useful to include it with detailed information. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (SLING-5274) Include authentication in RequestProgressTracker
[ https://issues.apache.org/jira/browse/SLING-5274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15134057#comment-15134057 ] Chetan Mehrotra commented on SLING-5274: [~cziegeler] [~bdelacretaz] [~rombert] Thoughts? Can we have this patch included > Include authentication in RequestProgressTracker > > > Key: SLING-5274 > URL: https://issues.apache.org/jira/browse/SLING-5274 > Project: Sling > Issue Type: Improvement > Components: Engine >Reporter: Alexander Klimetschek > Attachments: SLING-5274.patch > > > The request progress tracker only starts with the sling filters, after the > sling authentication ran through. Since authentication steps can be complex > with multiple handlers (just like filters) and can have a major performance > impact (custom auth handlers, slow resource resolver login) it would be very > useful to include it with detailed information. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (SLING-5274) Include authentication in RequestProgressTracker
[ https://issues.apache.org/jira/browse/SLING-5274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15131696#comment-15131696 ] Chetan Mehrotra commented on SLING-5274: +1. Looks useful and would simplify debugging authentication issues > Include authentication in RequestProgressTracker > > > Key: SLING-5274 > URL: https://issues.apache.org/jira/browse/SLING-5274 > Project: Sling > Issue Type: Improvement > Components: Engine >Reporter: Alexander Klimetschek > Attachments: SLING-5274.patch > > > The request progress tracker only starts with the sling filters, after the > sling authentication ran through. Since authentication steps can be complex > with multiple handlers (just like filters) and can have a major performance > impact (custom auth handlers, slow resource resolver login) it would be very > useful to include it with detailed information. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (SLING-5274) Include authentication in RequestProgressTracker
[ https://issues.apache.org/jira/browse/SLING-5274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14994940#comment-14994940 ] Alexander Klimetschek commented on SLING-5274: -- Maybe a separate topic, but it would be super awesome if we could also log the osgi httpservice level steps (in Sling's default setup, where it's embedded into that). This includes filters that most folks aren't even aware of, and also httpservice level servlets that never appear here. It would require to generalize the tracker a bit and somehow hook it into the felix http service impl... > Include authentication in RequestProgressTracker > > > Key: SLING-5274 > URL: https://issues.apache.org/jira/browse/SLING-5274 > Project: Sling > Issue Type: Improvement > Components: Engine >Reporter: Alexander Klimetschek > Attachments: SLING-5274.patch > > > The request progress tracker only starts with the sling filters, after the > sling authentication ran through. Since authentication steps can be complex > with multiple handlers (just like filters) and can have a major performance > impact (custom auth handlers, slow resource resolver login) it would be very > useful to include it with detailed information. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (SLING-5274) Include authentication in RequestProgressTracker
[ https://issues.apache.org/jira/browse/SLING-5274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14994887#comment-14994887 ] Alexander Klimetschek commented on SLING-5274: -- Example: {noformat} 0 TIMER_START{Request Processing} 1 COMMENT timer_end format is {,} 8 LOG Method=GET, Path=/is/image/content/dam/geometrixx/portraits/scott_reynolds.jpg 12 TIMER_START{Authentication} 24 LOG Calling auth handler: Cloud IMS Authentication Handler 46 LOG Calling auth handler: OAuth Authentication Handler 65 LOG Calling auth handler: Day CQ Login Selector Authentication Handler 68 LOG Calling auth handler: Granite Client Certificate Authentication Handler 71 LOG Calling auth handler: Token Authentication Handler 77 LOG Calling auth handler: ImageServer Authentication Handler 80 LOG Calling auth handler: org.apache.sling.auth.core.impl.HttpBasicAuthenticationHandler 101 LOG AuthenticationHandlers returned: type=BASIC, userId=admin 105 LOG Calling auth post processor: com.adobe.cq.social.commons.cors.CORSAuthInfoPostProcessor 106 LOG Calling auth post processor: org.apache.sling.jcr.resource.internal.WorkspaceAuthInfoPostProcessor 109 LOG Calling auth post processor: com.adobe.cq.creativecloud.cloudims.impl.auth.cookie.TokenAuthenticationInfoPostProcessor 144 LOG Trying to get a resource resolver for: type=BASIC, userId=admin 12408 LOG Login success: Resource Resolver, userId=admin 12428 TIMER_END{12415,Authentication} succeeded 12611 TIMER_START{ResourceResolution} ... existing logs {noformat} > Include authentication in RequestProgressTracker > > > Key: SLING-5274 > URL: https://issues.apache.org/jira/browse/SLING-5274 > Project: Sling > Issue Type: Improvement > Components: Engine >Reporter: Alexander Klimetschek > > The request progress tracker only starts with the sling filters, after the > sling authentication ran through. Since authentication steps can be complex > with multiple handlers (just like filters) and can have a major performance > impact (custom auth handlers, slow resource resolver login) it would be very > useful to include it with detailed information. -- This message was sent by Atlassian JIRA (v6.3.4#6332)