jackrabbit-dev mailing list archives

From "Marcel Reutegger (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (JCR-3534) Add JackrabbitSession.getValueByContentId method
Date Thu, 21 Mar 2013 13:45:20 GMT

    [ https://issues.apache.org/jira/browse/JCR-3534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13608930#comment-13608930 ]

Marcel Reutegger commented on JCR-3534:

Here's what Angela and I briefly discussed yesterday, which has similarities to what Thomas
proposed. Please consider this as taking notes of the discussion, rather than a full-fledged

Repository instances connected to a shared data store trust each other by means of a
shared secret or some other mechanism to verify 'messages' from the other instance. A client
of the JCR API can get a content identifier from a binary property stored in the data store
via JackrabbitValue.getContentIdentity(). The returned value is an encrypted message, which
contains the current userId and the hash of the data store item. This value can then be sent
to the other repository and a JCR Value will be created from this message. We were not sure
how exactly that would work. One option we discussed was a custom JCR Binary class recognized
by the repository implementation. The created binary can then be used to set a property. The
implementation will then decrypt and verify the message and extract the userId and the hash.
If the userId does not match the current user, then the repository will throw an exception.
If the userId matches and an item with the given hash already exists, the implementation will
set the property to the given value. Otherwise the call to setProperty() behaves as if it
was passed a null value, which is equivalent to removing the value. This allows a client to
check whether the binary is already on the target system.

The benefit of this mechanism is that you cannot generate content identifiers on a system
and then use them to attack another one. Rather the content identifier depends on something
like a salt or shared secret, as proposed by Thomas. The system further guarantees a user
is only able to see data store items on the target system he had access to on the source system.

Comments welcome.
> Add JackrabbitSession.getValueByContentId method
> ------------------------------------------------
>                 Key: JCR-3534
>                 URL: https://issues.apache.org/jira/browse/JCR-3534
>             Project: Jackrabbit Content Repository
>          Issue Type: New Feature
>          Components: jackrabbit-api, jackrabbit-core
>    Affects Versions: 2.6
>            Reporter: Felix Meschberger
>         Attachments: JCR-3534.patch
> We have a couple of use cases where we would like to leverage the global data store
> to prevent sending around and copying around large binary data unnecessarily: We have two
> separate Jackrabbit instances configured to use the same DataStore (for the sake of this discussion
> assume we have the problems of concurrent access and garbage collection under control). When
> sending content from one instance to the other instance we don't want to send potentially
> large binary data (e.g. video files) if not needed.
> The idea is for the sender to just send the content identity from JackrabbitValue.getContentIdentity().
> The receiver would then check whether such content already exists and would reuse if so:
> String ci = contentIdentity_from_sender;
> try {
>     Value v = session.getValueByContentIdentity(ci);
>     Property p = targetNode.setProperty(propName, v);
> } catch (ItemNotFoundException ie) {
>     // unknown or invalid content Identity
> } catch (RepositoryException re) {
>     // some other exception
> }
> Thus the proposed JackrabbitSession.getValueByContentIdentity(String) method would allow
> for round tripping the JackrabbitValue.getContentIdentity() preventing superfluous binary
> data copying and moving.
> See also the dev@ thread http://jackrabbit.markmail.org/thread/gedk5jsrp6offkhi
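
Added example, not part of the original message and not Jackrabbit code: a Java sketch of the content-identifier flow described in the comment above, using AES-GCM as one possible way to make the identifier both encrypted and verifiable. The class and method names, the payload layout, the hex hash format and the Set standing in for the data store are all assumptions.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Set;

/** Hypothetical sketch: none of these names exist in Jackrabbit. */
public class ContentIdToken {
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private final SecretKeySpec key; // secret shared by the trusting repository instances
    public ContentIdToken(byte[] sharedSecret) { key = new SecretKeySpec(sharedSecret, "AES"); }

    /** Source side: encrypt "hash\nuserId" (hash assumed to be hex) under the shared key. */
    public String issue(String userId, String hash) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv); // fresh nonce per identifier
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal((hash + "\n" + userId).getBytes(StandardCharsets.UTF_8));
        byte[] msg = ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array();
        return Base64.getUrlEncoder().withoutPadding().encodeToString(msg);
    }

    /** Target side: the hash to bind to the property, or null if the store lacks the item. */
    public String resolve(String token, String currentUser, Set<String> storeHashes)
            throws GeneralSecurityException {
        byte[] raw = Base64.getUrlDecoder().decode(token);
        if (raw.length < IV_LEN + TAG_BITS / 8) throw new GeneralSecurityException("truncated");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, raw, 0, IV_LEN));
        // doFinal throws AEADBadTagException for identifiers not made with the shared secret
        byte[] plain = c.doFinal(raw, IV_LEN, raw.length - IV_LEN);
        String[] parts = new String(plain, StandardCharsets.UTF_8).split("\n", 2);
        if (parts.length != 2 || !parts[1].equals(currentUser))
            throw new SecurityException("content identifier belongs to another user");
        return storeHashes.contains(parts[0]) ? parts[0] : null;
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = new byte[32]; // constructed demo key
        new SecureRandom().nextBytes(secret);
        ContentIdToken repo = new ContentIdToken(secret);
        String hash = "9f86d081884c7d65", id = repo.issue("alice", hash); // constructed values
        System.out.println(repo.resolve(id, "alice", Set.of(hash))); // item already on target
        System.out.println(repo.resolve(id, "alice", Set.of()));     // item missing on target
    }
}
```

The null return corresponds to the setProperty()-with-null behaviour in the comment, and the SecurityException to the userId mismatch case.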
