jackrabbit-users mailing list archives

From Chetan Mehrotra <chetan.mehro...@gmail.com>
Subject Re: Assessing Oak: content delivery, security, deployment & more
Date Wed, 15 Feb 2017 11:09:13 GMT
Hi Dmitry,

You should have a look at Apache Sling [1], which provides quite a bit
of stuff like an HTTP API, embedded repository, authentication
integration etc.

> 1. Binary content delivery. How good/bad is the idea to serve binary
> content right off the repository? I know things are different for
> images/PDFs vs. audio/video, but I'm afraid my project will feature all
> of the above.
> While investigating, I've stumbled upon this page:
> https://wiki.apache.org/jackrabbit/JCR%20Binary%20Usecase
> From it, I can deduce that the problem is well-known, but apparently
> hasn't been addressed yet. Maybe someone has more up-to-date info? I'm
> particularly interested in sendfile support.

Yes, this is not yet implemented and is something we plan to do for the 1.8
release. For now you can possibly work around the logic which serves the
binary content by mapping the Binary id to the way it's stored in the
datastore (knowing you rely on implementation details).

> What about external user management, will I need to implement anything?
> Just FYI, I'm a KeyCloak contributor, and I'll be eager to contribute
> to Oak too to facilitate better integration between the two projects in
> the area of security.

Jackrabbit Oak uses JAAS and has a pluggable authentication and user
management layer. Have a look at the docs [2] for details around that.

> 3. Deployment. Is it correct that all the Jackrabbit deployment models
> (embedded, shared, server) apply to Oak too?
> I think I'll start with the embedded repository. Is it right that I
> should create something like oak-examples/webapp and probably implement
> myself something similar to oak-http (since oak-http is broken ATM)?

Yes, using the webapp example as a basis would be fine. Also do have a look
at Sling [1], which can be deployed as a WAR.

> 4. Transactions. Is it correct that with JTA I can have transactions
> that span both JPA and Oak scopes? What about different deployment
> models (most interestingly server)?

This is currently not supported, i.e. transactions which span both JPA and Oak.

Chetan Mehrotra
[1] http://sling.apache.org/
[2] https://jackrabbit.apache.org/oak/docs/security/overview.html


On Tue, Feb 14, 2017 at 4:38 PM, Dmitry Telegin <mitya@cargosoft.ru> wrote:
> Hi,
>
> I'm planning a project that will feature a hierarchical multimedia
> content store. I'm in the process of assessing technologies that should
> comprise the project's core, and from what I've learned yet, Oak is the
> way to go.
>
> However, I'm a bit new to the topic, so I'll be grateful if somebody
> helps me clarify the following points. The overall project architecture
> will consist of REST-enabled content repository (presumably Oak),
> JavaEE application (JPA+EJB+JAX-RS) and an HTML5 frontend that will
> connect to both repository and application via REST.
>
> 1. Binary content delivery. How good/bad is the idea to serve binary
> content right off the repository? I know things are different for
> images/PDFs vs. audio/video, but I'm afraid my project will feature all
> of the above.
> While investigating, I've stumbled upon this page:
> https://wiki.apache.org/jackrabbit/JCR%20Binary%20Usecase
> From it, I can deduce that the problem is well-known, but apparently
> hasn't been addressed yet. Maybe someone has more up-to-date info? I'm
> particularly interested in sendfile support.
>
> 2. Security. The project will use KeyCloak for authentication, identity
> management, SSO and social login. In a few words, KeyCloak is an OpenID
> Connect and SAML provider coupled with its own advanced identity
> management, social login brokering etc. I wonder how much coding will
> be needed (if any) to make things work with Oak?
> Some technical details. KeyCloak offers so called adapters to secure
> applications and services. An adapter module is installed into the
> application server and configured to secure applications. It does all
> the heavy lifting like HTTP redirects, token processing etc. Upon
> successful authentication, it sets up a Java EE Principal object.
> Additionally, an application can use KeyCloak API to retrieve raw
> OpenID Connect / SAML token for further processing.
> Is this enough to implement uniform authentication for both components
> (Oak and Java EE)? What about different deployment models (embedded vs.
> server)?
> What about external user management, will I need to implement anything?
> Just FYI, I'm a KeyCloak contributor, and I'll be eager to contribute
> to Oak too to facilitate better integration between the two projects in
> the area of security.
>
> 3. Deployment. Is it correct that all the Jackrabbit deployment models
> (embedded, shared, server) apply to Oak too?
> I think I'll start with the embedded repository. Is it right that I
> should create something like oak-examples/webapp and probably implement
> myself something similar to oak-http (since oak-http is broken ATM)?
>
> 4. Transactions. Is it correct that with JTA I can have transactions
> that span both JPA and Oak scopes? What about different deployment
> models (most interestingly server)?
>
> I apologize for asking so many questions at once. Oak looks very
> promising, and I'm looking forward to having a good experience developing
> my project around it.
>
> Thanks in advance!
> Dmitry
