You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Ian Boston (JIRA)" <ji...@apache.org> on 2017/06/27 11:56:00 UTC
[jira] [Comment Edited] (SLING-6979) Support authorization of
access to external content
[ https://issues.apache.org/jira/browse/SLING-6979?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16064703#comment-16064703 ]
Ian Boston edited comment on SLING-6979 at 6/27/17 11:55 AM:
-------------------------------------------------------------
Branch underway at https://github.com/ieb/sling/tree/SLING-6979
https://github.com/ieb/sling/tree/SLING-6979/contrib/commons/offload-operations
was (Author: ianeboston):
Branch underway at https://github.com/ieb/sling/tree/SLING-6979
> Support authorization of access to external content
> ---------------------------------------------------
>
> Key: SLING-6979
> URL: https://issues.apache.org/jira/browse/SLING-6979
> Project: Sling
> Issue Type: New Feature
> Reporter: Ian Boston
> Assignee: Ian Boston
>
> This issue is a PoC. It adds a capability to Sling so that Sling can issue authorizations on request to access external data APIs. It will have a SPI allowing concrete implementations, as there are many different possible scheme. For instance, when configured with AWS S3 implementations of those SPIs, on request it will issue signed policy authorizations that allow a client to perform the authorised operation on the AWS S3 REST API, for a specific key, for a specific time period. This would support the client performing a direct upload to S3 as detailed in [http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-post-example.html]. The same pattern with a different authorization mechanisms would allow Sling to emit X-Accell-Redirect headers for a Proxy LN like nginX to stream directly from the storage. This effectively removes the task of streaming bytes through Sling from Sling ensuring that all request threads in Sling are short lived, not consuming survivour heap space. Long lived threads holding onto references from stack will cause those objects to land in survivor heap costing more to GC when the operation is complete, even if the transfer is streamed via the JVM.
> Implementation will use a servlet attached to a resourceType. The Resource with that resource type will contain the configuration information and SPI implementation reference, so that requests to that Resource generate authorizations of the appropriate form. The configuration should be capable of mapping entire subtrees of individual resources. How the Resource path maps to a storage path is an implementation detail to follow Sling best practice in this area. (ie RESTfull)
> The PoC will be done in a branch, and can be deleted if a complete failure.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)