You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-dev@jackrabbit.apache.org by Alexander Klimetschek <ak...@adobe.com> on 2016/09/07 20:55:31 UTC

Re: Usecases around Binary handling in Oak

Hi everyone,

late to the gameā€¦ back from a long leave :) I just wanted to chime in the security discussion.

Please be aware that the ReferenceBinary interface [1] exists today (I haven't seen that mentioned in this or the previous thread, please excuse if I missed it). It has a String getReference() method which in case of a filedata store will include the hash, from which you can calculate the file location. We have actively used this in a performance optimization as described in the use case as described by Chetan. See [2] for some code showcasing it.

Yes, this requires knowing an implementation detail (and we fall back to using the JCR binary interface in case the file cannot be found), but if you think there is a security issue, it exists in Jackrabbit/Oak already.

I do understand the performance problem, which can be a big one, so finding a secure solution would be great. The important case is IMO about bridging non-JCR-API capable application (say imagemagick, S3 URLs/browsers etc.), which cannot be rewritten to use the JCR API, with the file data store, and IIUC readonly access is fine (UC1 mostly).

Cheers,
Alex

[1] https://jackrabbit.apache.org/api/2.6/org/apache/jackrabbit/api/ReferenceBinary.html

[2] sample code

    public static File getDataStoreRef(Node ntFile) throws RepositoryException {
        if (ntFile.hasProperty(PN_FILE_DATA)) {
            Property property = ntFile.getProperty(PN_FILE_DATA);
            if (property.getType() == PropertyType.BINARY) {
                Binary binary = property.getBinary();
                if (binary instanceof ReferenceBinary) {
                    String ref = ((ReferenceBinary) binary).getReference();
                    // oak reference is "hash:something"
                    ref = StringUtils.substringBefore(ref, ":");
                    if (ref == null) {
                        // This happens when asset has been created before file datastore option was configured
                        // Looks like rendition data is not being extracted for existing assets
                        return null;
                    }
                    // hash to datastore file structure - from Jackrabbit FileDataStore
                    File file = new File(ref.substring(0, 2));
                    file = new File(file, ref.substring(2, 4));
                    file = new File(file, ref.substring(4, 6));
                    file = new File(file, ref);
                    return file;
                }
            }
        }
        return null;
    }