Hi, I'm planning a project that will feature a hierarchical multimedia content store. I'm in the process of assessing technologies that should comprise the project's core, and from what I've learned yet, Oak is the way to go.
However, I'm a bit new to the topic, so I'll be grateful if somebody helps me clarify the following points. The overall project architecture will consist of REST-enabled content repository (presumably Oak), JavaEE application (JPA+EJB+JAX-RS) and a HTML5 frontend that will connect to both repository and application via REST. 1. Binary content delivery. How good/bad is the idea to serve binary content right off the repository? I know things are different for images/PDFs vs. audio/video, but I'm afraid my project will feature all of the above. While investigating, I've stumbled upon this page: https://wiki.apache. org/jackrabbit/JCR%20Binary%20Usecase >From it, I can deduce that the problem is well-known, but apparently hasn't been addressed yet. Maybe someone has more up-to-date info? I'm particularly interested in sendfile support. 2. Security. The project will use KeyCloak for authentication, identity management, SSO and social login. In a few words, KeyCloak is an OpenID Connect and SAML provider coupled with its own advanced identity management, social login brokering etc. I wonder how much coding will be needed (if any) to make things work with Oak? Some technical details. KeyCloak offers so called adapters to secure applications and services. An adapter module is installed into the application server and configured to secure applications. It does all the heavy lifting like HTTP redirects, token processing etc. Upon successful authentication, it sets up a Java EE Principal object. Additionally, an application can use KeyCloak API to retrieve raw OpenID Connect / SAML token for further processing. Is this enough to implement uniform authentication for both components (Oak and Java EE)? What about different deployment models (embedded vs. server)? What about external user management, will I need to implement anything? Just FYI, I'm a KeyCloak contributor, and I'll be eager to contribute to Oak too to facilitate better integration between the two projects in the area of security. 3. Deployment. Is it correct that all the Jackrabbit deployment models (embedded, shared, server) apply to Oak too? I think I'll start with the embedded repository. Is it right that I should create something like oak-examples/webapp and probably implement myself something similar to oak-http (since oak-http is broken ATM)? 4. Transactions. Is it correct that with JTA I can have transactions that span both JPA and Oak scopes? What about different deployment models (most interestingly server)? I apologize for asking so many questions at once. Oak looks very promising, and I'm looking forward to have a good experience developing my project around it. Thanks in advance! Dmitry
