incubator-sling-commits mailing list archives

From conflue...@apache.org
Subject [CONF] Apache Sling > Service Authentication
Date Thu, 04 Apr 2013 08:47:00 GMT
<html>
<head>
    <base href="https://cwiki.apache.org/confluence">
            <link rel="stylesheet" href="/confluence/s/2042/9/1/_/styles/combined.css?spaceKey=SLING&amp;forWysiwyg=true"
type="text/css">
    </head>
<body style="background: white;" bgcolor="white" class="email-body">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
    <h2><a href="https://cwiki.apache.org/confluence/display/SLING/Service+Authentication">Service
Authentication</a></h2>
    <h4>Page  <b>added</b> by             <a href="https://cwiki.apache.org/confluence/display/~fmeschbe">Felix
Meschberger</a>
    </h4>
         <br/>
    <div class="notificationGreySide">
         <h1><a name="ServiceAuthentication-ServiceAuthentication"></a>Service
Authentication</h1>



<p>Status: PROTOTYPE<br/>
Created: 4. April 2013<br/>
Author: fmeschbe<br/>
Issue: &#8211;</p>

<div>
<ul>
    <li><a href='#ServiceAuthentication-Problem'>Problem</a></li>
    <li><a href='#ServiceAuthentication-Requirements'>Requirements</a></li>
    <li><a href='#ServiceAuthentication-Solution'>Solution</a></li>
<ul>
    <li><a href='#ServiceAuthentication-NewloginServicemethods'>New loginService
methods</a></li>
    <li><a href='#ServiceAuthentication-CommunicatingServiceInformationtoResourceProviderFactories'>Communicating
Service Information to ResourceProviderFactories</a></li>
    <li><a href='#ServiceAuthentication-NewServiceUserMapperService'>New ServiceUserMapper
Service</a></li>
    <li><a href='#ServiceAuthentication-DeprecateloginAdministrative'>Deprecate
loginAdministrative</a></li>
</ul>
    <li><a href='#ServiceAuthentication-PrototypeImplementation'>Prototype Implementation</a></li>
</ul></div>


<h2><a name="ServiceAuthentication-Problem"></a>Problem</h2>

<p>Since the early days of Sling we have had methods to get an administrative JCR Session
and later an administrative ResourceResolver. These methods were intended to provide services
with access to the repository with fewer restrictions than regular users and to also allow
those services to access the Resource tree (and JCR Repository) without hard-coding a password
in the code or even having the password as plain text in configuration.</p>

<p>Over the years, it turned out that these <tt>loginAdministrative</tt>
methods have been abused.</p>

<p>The goal of this proposal is to come up with a new API to replace the <tt>loginAdministrative</tt>
methods.</p>


<h2><a name="ServiceAuthentication-Requirements"></a>Requirements</h2>

<ul>
	<li>Don't use administrative JCR Sessions or ResourceResolvers all over</li>
	<li>Allow services access to JCR Sessions and ResourceResolvers without requiring passwords
to be hard-coded or configured</li>
	<li>Allow services to use "users" which have been specially configured for service
level access</li>
	<li>Allow administrators to configure the assignment of service users to services</li>
</ul>



<h2><a name="ServiceAuthentication-Solution"></a>Solution</h2>


<h3><a name="ServiceAuthentication-NewloginServicemethods"></a>New loginService
methods</h3>

<p>Two new methods are introduced to replace <tt>loginAdministrative</tt>
methods:</p>

<ul>
	<li><tt>ResourceResolver getServiceResourceResolver(Map&lt;String, Object&gt;
authenticationInfo) throws LoginException;</tt></li>
	<li><tt>Session loginService(String serviceInfo, String workspace) throws LoginException,
RepositoryException;</tt></li>
</ul>


<p>The bundle identifying the actual service is not part of the new API. The bundle
is taken from the call stack by leveraging the OSGi Service Factory mechanism: Each bundle
using the <tt>ResourceResolverFactory</tt> or <tt>SlingRepository</tt>
service actually gets an instance bound to the using bundle. That bundle is used to identify
the service.</p>

<p>The <tt>serviceInfo</tt> parameter or <tt>sling.service.info</tt>
property of the <tt>authenticationInfo</tt> map may be used to provide additional
information on the service. See the <em>New ServiceUserMapper Service</em> section
below for information on additional service information.</p>


<h3><a name="ServiceAuthentication-CommunicatingServiceInformationtoResourceProviderFactories"></a>Communicating
Service Information to ResourceProviderFactories</h3>

<p>The <tt>ResourceProviderFactory</tt> interface is not extended for the
new service login. Rather the required information &#8211; using bundle and additional
service information &#8211; is passed to the <tt>getResourceProvider</tt>
method as part of the <tt>authenticationInfo</tt> map:</p>

<ul>
	<li><tt>ResourceResolverFactory.USER</tt> &#8211; name of the service
user (never <tt>null</tt>)</li>
	<li><tt>ResourceProviderFactory.SERVICE_BUNDLE</tt> &#8211; the service
<tt>Bundle</tt> object (never <tt>null</tt>)</li>
	<li><tt>ResourceResolverFactory.SERVICE_INFO</tt> &#8211; additional
service information (optional; may be <tt>null</tt>)</li>
</ul>


<p>If the <tt>ResourceProviderFactory</tt> makes use of another service
to provide the <tt>ResourceProvider</tt>, the provided service bundle should be
used to acquire that service, so that it can support service logins using the <tt>ServiceUserMapper</tt>
service. An example of such an implementation would be the JCR based <tt>ResourceProviderFactory</tt>,
which gets the <tt>SlingRepository</tt> service using the service bundle.</p>


<h3><a name="ServiceAuthentication-NewServiceUserMapperService"></a>New
ServiceUserMapper Service</h3>

<p>A service is introduced which maps a service to a user name. A service is
identified by a service name related to the OSGi Bundle implementing the service and an additional
service information string. For example, a bundle implementing mail support may represent the
<em>MailServer</em> service, while the actual mail sender may identify itself with
the <em>sender</em> information and some mail queue handler may identify itself
with the <em>queue</em> information. This allows separate users to be used for
sending messages and handling the message queue, or the same user to be used for both services,
depending on the requirements and needs of the system administrator.</p>

<p>The <tt>ServiceUserMapper</tt> service has two methods:</p>

<ul>
	<li><tt>String getServiceName(Bundle bundle, String serviceInfo);</tt>
&#8211; Returns the value of the service identification string to use for the bundle providing
the service. In the above example of the message sender service, when called with the mail server
bundle and <tt>serviceInfo="sender"</tt>, the returned value might be <tt>MailServer:sender</tt>.</li>
	<li><tt>String getUserForService(Bundle bundle, String serviceInfo);</tt>
&#8211; Returns the name of the user to be used for the given service.</li>
</ul>


<p>This <a href="http://svn.apache.org/repos/asf/sling/whiteboard/fmeschbe/deprecate_login_administrative/serviceusermapper/src/main/java/org/apache/sling/serviceusermapping/ServiceUserMapper.java"
class="external-link" rel="nofollow"><tt>ServiceUserMapper</tt></a> service
is intended to be used by implementations of the new <tt>loginService</tt> methods
to allow mapping services to user names and to provide for a central point of configuring
the mapping.</p>


<h3><a name="ServiceAuthentication-DeprecateloginAdministrative"></a>Deprecate
loginAdministrative</h3>

<p>The following methods are deprecated:</p>

<ul>
	<li><tt>SlingRepository.loginAdministrative</tt></li>
	<li><tt>ResourceResolverFactory.getAdministrativeResourceResolver</tt></li>
	<li><tt>ResourceProviderFactory.getAdministrativeResourceProvider</tt></li>
</ul>


<p>The implementations we have in Sling's bundles will remain in place, but there will
be a configuration switch to disable support for these methods: if the methods are disabled,
they always throw a <tt>LoginException</tt>. The JavaDoc of
the methods is augmented with this information.</p>
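
<p>The following sketch is an added example, not code from the prototype or from Sling. It models the flow described in the <em>New loginService methods</em>, <em>New ServiceUserMapper Service</em> and <em>Deprecate loginAdministrative</em> sections: the service name comes from the bundle-bound instance rather than from the caller, the service information only selects among that bundle's own mappings, and the disabled administrative login throws. Assumptions: plain strings stand in for <tt>Bundle</tt> and <tt>Session</tt>, the mapping table, user names and the <em>Reports</em> bundle are constructed, and an unmapped service is refused.</p>

```java
import java.util.Map;

/** Added sketch, not Sling code: Strings stand in for Bundle and Session. */
public class ServiceLoginSketch {

    /** Local stand-in for the LoginException named on the page. */
    static class LoginException extends Exception {
        LoginException(String message) { super(message); }
    }

    /** Constructed sample mapping: service identification -> service user. */
    static final Map<String, String> SERVICE_USERS = Map.of(
            "MailServer:sender", "mail-sender",
            "MailServer:queue", "mail-queue");

    /** The proposed configuration switch, shown here in the disabled state. */
    static boolean adminLoginEnabled = false;

    /** One instance per using bundle, as a ServiceFactory would hand out. */
    static class BundleBoundRepository {
        private final String serviceName; // fixed at binding time, never passed by the caller

        BundleBoundRepository(String serviceName) { this.serviceName = serviceName; }

        String loginService(String serviceInfo) throws LoginException {
            String id = serviceInfo == null ? serviceName : serviceName + ":" + serviceInfo;
            String user = SERVICE_USERS.get(id);
            // Assumption: an unmapped service is refused rather than given a default user.
            if (user == null) throw new LoginException("no service user mapped for " + id);
            return "session[" + user + "]";
        }

        String loginAdministrative() throws LoginException {
            if (!adminLoginEnabled) throw new LoginException("loginAdministrative is disabled");
            return "session[admin]";
        }
    }

    public static void main(String[] args) {
        BundleBoundRepository mail = new BundleBoundRepository("MailServer");
        BundleBoundRepository reports = new BundleBoundRepository("Reports");
        try {
            System.out.println(mail.loginService("sender")); // mapped: separate user for sending
            System.out.println(mail.loginService("queue"));  // mapped: separate user for the queue
            reports.loginService("sender"); // resolves to Reports:sender, which has no mapping
        } catch (LoginException e) {
            System.out.println("refused: " + e.getMessage());
        }
        try {
            mail.loginAdministrative(); // switch is off, so this always throws
        } catch (LoginException e) {
            System.out.println("refused: " + e.getMessage());
        }
    }
}
```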


<h2><a name="ServiceAuthentication-PrototypeImplementation"></a>Prototype
Implementation</h2>

<p>A prototype implementation of this concept is available in the <a href="http://svn.apache.org/repos/asf/sling/whiteboard/fmeschbe/deprecate_login_administrative"
class="external-link" rel="nofollow">deprecate_login_administrative whiteboard</a>.</p>
    </div>
</div>
</div>
</div>
</div>
</body>
</html>
