You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by anchela <gi...@git.apache.org> on 2016/07/19 10:11:29 UTC

[GitHub] sling pull request #153: SLING-5792, SLING-5868, SLING-5795

GitHub user anchela opened a pull request:

    https://github.com/apache/sling/pull/153

    SLING-5792, SLING-5868, SLING-5795

    ## SLING-5792: API to manage Authentication Requirement
    
    ### Changes
    - new interface 'AuthenticationRequirement'
    - implemented by SlingAuthenticator
    - additionally: annotations with helper classes in the impl package to improve readability
    
    ### Notes
    with the implementation in SlingAuthenticator the values in the 'props' map change from array of AuthenticationRequirementHolder to a Set, which IMO corresponds better to the PathBasedHolderCache, which at some point has changed from ArrayList to SortedSet... but that for sure requires a careful review (also from a performance PoV)
    
    ### TODO
    - the original code synchronized on 'props' before updating the PathBasedHolderCache, which itself was synchronized. That looks troublesome to me and with the patch this is separated.
    - I would like to write some benchmarks to be able to compare performance of AuthenticationRequirement vs. the ServiceListener approach as well as the effect of moving from array to Set in the props-map. But: I couldn't find the right way of doing this in Apache Sling (see also SLING-5791 for a specific issue).
    
    ## SLING-5795 and SLING-5868
    
    ### Changes
    - new module 'org.apache.sling.auth.requirement' in the contrib/auth space
    - new public API 'LoginPathProvider'
    - implementation based on Jackrabbit Oak that allows to mark subtrees with the set of configured supported paths to require authentication including an optional login path.
    
    ### TODO
    - currently snapshot dependency to 'org.apache.sling.auth.core' due to usage of 'AuthenticationRequirement'
    - repo-init that defines the service-user required for the default implementation
    - Oak index definition that prevents traversal for initial query 

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/anchela/sling trunk

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/sling/pull/153.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #153
    
----
commit b11eaaa043a406ccac16a07edec0c7815d1cba5a
Author: angela <an...@adobe.com>
Date:   2016-07-19T08:23:44Z

    SLING-5792 : API to manage Authentication Requirement

commit 28c147c387b997e3d2106e1ad82d2b35e50388a3
Author: angela <an...@adobe.com>
Date:   2016-07-19T09:14:24Z

    SLING-5868 : API to define and retrieve login path with along with authentication requirements
    SLING-5795: Allow for adding/removing individual AuthenticationRequirementHolder entries

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---