sling-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject svn commit: r872966 - in /websites/staging/sling/trunk/content: ./ documentation/the-sling-engine.html documentation/the-sling-engine/service-authentication.html
Date Mon, 05 Aug 2013 08:30:18 GMT
Author: buildbot
Date: Mon Aug  5 08:30:17 2013
New Revision: 872966

Staging update by buildbot for sling

    websites/staging/sling/trunk/content/   (props changed)

Propchange: websites/staging/sling/trunk/content/
--- cms:source-revision (original)
+++ cms:source-revision Mon Aug  5 08:30:17 2013
@@ -1 +1 @@

Modified: websites/staging/sling/trunk/content/documentation/the-sling-engine.html
--- websites/staging/sling/trunk/content/documentation/the-sling-engine.html (original)
+++ websites/staging/sling/trunk/content/documentation/the-sling-engine.html Mon Aug  5 08:30:17
@@ -89,6 +89,7 @@
 <li><a href="/documentation/the-sling-engine/architecture.html">Architecture</a></li>
 <li><a href="/documentation/the-sling-engine/authentication.html">Authentication</a></li>
+<li><a href="/documentation/the-sling-engine/service-authentication.html">Service
 <h2 id="request-handling">Request Handling</h2>
@@ -113,7 +114,7 @@
 <li><a href="/documentation/the-sling-engine/eventing-and-jobs.html">Eventing
and Jobs</a></li>
       <div class="timestamp" style="margin-top: 30px; font-size: 80%; text-align: right;">
-        Rev. 1500501 by fmeschbe on Sun, 7 Jul 2013 18:49:51 +0000
+        Rev. 1510382 by fmeschbe on Mon, 5 Aug 2013 08:30:02 +0000
       <div class="trademarkFooter"> 
         Apache Sling, Sling, Apache, the Apache feather logo, and the Apache Sling project

Added: websites/staging/sling/trunk/content/documentation/the-sling-engine/service-authentication.html
--- websites/staging/sling/trunk/content/documentation/the-sling-engine/service-authentication.html
+++ websites/staging/sling/trunk/content/documentation/the-sling-engine/service-authentication.html
Mon Aug  5 08:30:17 2013
@@ -0,0 +1,253 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "">
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+ 2.0
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+  <head>
+    <title>Apache Sling - Service Authentication</title>
+    <link rel="icon" href="/res/favicon.ico">
+    <link rel="stylesheet" href="/res/site.css" type="text/css" media="all">
+    <link rel="stylesheet" href="/res/codehilite.css" type="text/css" media="all">
+    <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
+  </head>
+  <body>
+    <div class="title">
+      <div class="logo">
+        <a href="">
+          <img border="0" alt="Apache Sling" src="/res/logo.png">
+        </a>
+      </div>
+      <div class="header">
+        <a href="">
+          <img border="0" alt="Apache" src="/res/apache.png">
+        </a>
+      </div>
+    </div>
+    <div class="menu"> 
+      <p><strong><a href="/documentation.html">Documentation</a></strong>
<br />
+<a href="/documentation/getting-started.html">Getting Started</a> <br />
+<a href="/documentation/the-sling-engine.html">The Sling Engine</a> <br />
+<a href="/documentation/development.html">Development</a> <br />
+<a href="/documentation/bundles.html">Bundles</a> <br />
+<a href="/documentation/tutorials-how-tos.html">Tutorials &amp; How-Tos</a>
<br />
+<a href="/documentation/configuration.html">Configuration</a> <br />
+<a href="">Wiki</a> <br />
+<a href="">FAQ</a> <br />
+<a href="/sitemap.html">Site Map</a></p>
+<p><strong>API Docs</strong>  <br />
+<a href="/apidocs/sling6/index.html">Sling 6</a> <br />
+<a href="/apidocs/sling5/index.html">Sling 5</a>   </p>
+<p><strong>Project info</strong> <br />
+<a href="/downloads.cgi">Downloads</a> <br />
+<a href="">License</a> <br />
+<a href="/contributing.html">Contributing</a> <br />
+<a href="/news.html">News</a> <br />
+<a href="/links.html">Links</a> <br />
+<a href="/project-information.html">Project Information</a> <br />
+<a href="">Issue Tracker</a> <br
+<a href="">Browse Source Repository</a>
<br />
+<a href="/project-information/security.html">Security</a>   </p>
+<p><strong>Sponsorship</strong> <br />
+<a href="">Thanks</a> <br />
+<a href="">Become a Sponsor</a>
<br />
+<a href="">Buy Stuff</a>   </p>
+<!-- no valid ads for now, we'll  reactivate this when needed
+    src=""
+    style="border-width:0; float: left" frameborder="0" 
+    scrolling="no"
+    width="135" 
+    height="135">
+    </div>
+    <div class="main">
+      <div class="breadcrump" style="font-size: 80%;">
+        <a href="/">Home</a>&nbsp;&raquo&nbsp;<a href="/documentation.html">Documentation</a>&nbsp;&raquo&nbsp;<a
href="/documentation/the-sling-engine.html">The Sling Engine</a>
+      </div>
+      <h1>Service Authentication</h1>
+      <div class="toc">
+<li><a href="#problem">Problem</a></li>
+<li><a href="#concept">Concept</a><ul>
+<li><a href="#example-tenant-administration">Example: Tenant Administration</a></li>
+<li><a href="#example-mail-transfer-system">Example: Mail Transfer System</a></li>
+<li><a href="#implementation">Implementation</a><ul>
+<li><a href="#serviceusermapper">ServiceUserMapper</a></li>
+<li><a href="#resourceresolverfactory">ResourceResolverFactory</a></li>
+<li><a href="#slingrepository">SlingRepository</a></li>
+<li><a href="#deprecation-of-administrative-authentication">Deprecation of administrative
+<h2 id="problem">Problem</h2>
+<p>To access the data storage in the Resource Tree and/or the JCR Repository
+authentication is required to properly setup access control and guard
+sensitive data from unauthorized access. For regular request processing
+this authentication step is handled by the Sling
+<a href="/documentation/the-sling-engine/authentication.html">Authentication</a>
+<p>On the other hand there are also some background tasks to be executed
+with access to the resources. Such tasks cannot in general be configured
+with user names and passwords: Neither hard coding the passwords in the code
+nor having the passwords in &ndash; more or less &ndash; plain text in some
+configuration is considered good practice.</p>
+<p>To solve this problem for services to identify themselves and authenticate
+with special users properly configured to support those services.</p>
+<p>The solution presented here serves the following goals:</p>
+<li>Prevent over-use and abuse of administrative ResourceResolvers and/ro JCR Sessions</li>
+<li>Allow services access to ResourceResolvers and/or JCR Sessions without
+requiring to hard-code or configure passwords</li>
+<li>Allow services to use <em>service users</em> which have been specially
+configured for service level access (as is usually done on unixish systems)</li>
+<li>Allow administrators to configure the assignment of service users to
+<h2 id="concept">Concept</h2>
+<p>A <em>Service</em> is a piece or collection of functionality. Examples
of services
+are the Sling queuing system, Tenant Administration, or some Message Transfer
+System. Each service is identified by a unique <em>Service Name</em>. Since a
+service will  be implemented in an OSGi bundle (or a collection of OSGi
+bundles), services are named by the bundles providing them.</p>
+<p>A Service may be comprised of multiple parts, so each part of the
+service may be further identified by a <em>Subservice Name</em>. This
+Subservice Name is optional, though. Examples of <em>Subservice Name</em>
+are names for subsystems in a Message Transfer System such as accepting
+messages, queueing messages, delivering messages.</p>
+<p>Ultimately, the combination of the <em>Service Name</em> and <em>Subservice
+defines the <em>Service ID</em>. It is the <em>Service ID</em> which
is finally mapped to
+a Resource Resolver and/or JCR Repository user ID for authentication.</p>
+<p>Thus the actual service identification (service ID) is defined as:</p>
+<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre>1</pre></div></td><td
class="code"><div class="codehilite"><pre>service-id = service-name [ &quot;:&quot;
subservice-name ] .
+<p>The <code>service-name</code> is the value of the <code>Sling-Service</code>
bundle manifest
+header. This name can be any string valid as a manifest header but must
+not contain a colon <code>:</code> which is used to delimit the <code>service-name</code>
+the <code>service-info</code> in the <code>service-id</code> string.</p>
+<p>If the bundle does not have a <code>Sling-Service</code> bundle manifest
header or
+if the value is the empty string, the bundle's symbolic name is used as
+the <code>service-name</code>.</p>
+<h3 id="example-tenant-administration">Example: Tenant Administration</h3>
+<p>Tenant Administration mostly deals with creating and managing groups
+and some other user administration tasks. Instead of just using an
+administrative session for Tenant administration this feature could
+define itself as being the <code>tenant-admin</code> service and leverage a
+properly configured Tenant Administration account.</p>
+<h3 id="example-mail-transfer-system">Example: Mail Transfer System</h3>
+<p>Consider a Mail Transfer System which may be comprised of the following
+sub systems:</p>
+<li>Accepting mail for processing &mdash; for example the SMTP server daemon</li>
+<li>Queing and processing the messages</li>
+<li>Delivering messages to mailboxes</li>
+<p>You could conceive that all these functions serve different purposes and
+thus should have different access rights to the repository to persist
+messages while they are being processed.</p>
+<p>Using the Service Authentication framework, the Mail Transfer System
+would be consituting the <code>mta</code> service. The sub systems would be called
+<code>smtp</code>, <code>queue</code>, and <code>deliver</code>.</p>
+<p>Thus the SMTP server daemon would be represented by a user for the
+<code>mta:smtp</code> Service.  queueing with <code>mta:queue</code>,
and delivery with <code>mta:deliver</code>.  </p>
+<h2 id="implementation">Implementation</h2>
+<p>The implementation in Sling of the <em>Service Authentication</em> concept
+described above consists of three parts:</p>
+<h3 id="serviceusermapper"><code>ServiceUserMapper</code></h3>
+<p>The first part is a new OSGi Service <code>ServiceUserMapper</code>.
+<code>ServiceUserMapper</code> service allows for mapping <em>Service IDs</em>
comprised of
+the <em>Service Names</em> defined by the providing bundles and optional <em>Subservice
+to ResourceResolver and/or JCR Repository user IDs. This mapping is configurable
+such that system administrators are in full control of assigning users to services.</p>
+<p>The <code>ServiceUserMapper</code> defines the following API:</p>
+<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre>1
+2</pre></div></td><td class="code"><div class="codehilite"><pre><span
class="n">String</span> <span class="nf">getServiceID</span><span
class="o">(</span><span class="n">Bundle</span> <span class="n">bundle</span><span
class="o">,</span> <span class="n">String</span> <span class="n">subServiceName</span><span
+<span class="n">String</span> <span class="nf">getServiceUserID</span><span
class="o">(</span><span class="n">Bundle</span> <span class="n">bundle</span><span
class="o">,</span> <span class="n">String</span> <span class="n">subServiceName</span><span
+<h3 id="resourceresolverfactory"><code>ResourceResolverFactory</code></h3>
+<p>The second part is support for service access to the Resource Tree. To this
+avail, the <code>ResourceResolverFactory</code> service is enhanced with a new
+<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre>1
+2</pre></div></td><td class="code"><div class="codehilite"><pre><span
class="n">ResourceResolver</span> <span class="nf">getServiceResourceResolver</span><span
class="o">(</span><span class="n">Map</span><span class="o">&lt;</span><span
class="n">String</span><span class="o">,</span> <span class="n">Object</span><span
class="o">&gt;</span> <span class="n">authenticationInfo</span><span
+    <span class="kd">throws</span> <span class="n">LoginException</span><span
+<p>This method allows for access to the resource tree for services where the
+service bundle is the bundle actually using the <code>ResourceResolverFactory</code>
+service. The optional Subservice Name may be provided as an entry
+in the <code>authenticationInfo</code> map.</p>
+<p>In addition to having new API on the <code>ResourceResolverFactory</code>
service to
+be used by services, the <code>ResourceProviderFactory</code> service is updated
+with support for Service Authentication: Now new API is required, though
+but additional properties are defined to convey the service to authenticate
+<h3 id="slingrepository"><code>SlingRepository</code></h3>
+<p>The third part is an extension to the <code>SlingRepository</code>service
+to support JCR Repository access for services:</p>
+<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre>1
+2</pre></div></td><td class="code"><div class="codehilite"><pre><span
class="n">Session</span> <span class="nf">loginService</span><span
class="o">(</span><span class="n">String</span> <span class="n">subServiceName</span><span
class="o">,</span> <span class="n">String</span> <span class="n">workspace</span><span
+    <span class="kd">throws</span> <span class="n">LoginException</span><span
class="o">,</span> <span class="n">RepositoryException</span><span
+<p>This method allows for access to the JCR Repository for services where the
+service bundle is the bundle actually using the <code>SlingRepository</code>
+service. The additional Subservice Name may be provided with the
+<code>subServiceName</code> parameter.</p>
+<h2 id="deprecation-of-administrative-authentication">Deprecation of administrative
+<p>Originally the <code>ResourceResolverFactory.getAdministrativeResourceResolver</code>
+and <code>SlingRepository.loginAdministrative</code> methods have been defined
+provide access to the resource tree and JCR Repository. These methods
+proved to be inappropriate because they allow for much too broad access.</p>
+<p>Consequently these methods are being deprecated and will be removed in
+future releases of the service implementations.</p>
+<p>The following methods are deprecated:</p>
+<p>The implementations we have in Sling's bundle will remain implemented 
+in the near future. But there will be a configuration switch to disable
+support for these methods: If the method is disabled, a <code>LoginException</code>
+is always thrown from these methods. The JavaDoc of the methods is
+extended with this information.</p>
+      <div class="timestamp" style="margin-top: 30px; font-size: 80%; text-align: right;">
+        Rev. 1510382 by fmeschbe on Mon, 5 Aug 2013 08:30:02 +0000
+      </div>
+      <div class="trademarkFooter"> 
+        Apache Sling, Sling, Apache, the Apache feather logo, and the Apache Sling project
+        logo are trademarks of The Apache Software Foundation. All other marks mentioned
+        may be trademarks or registered trademarks of their respective owners.
+      </div>
+    </div>
+  </body>

View raw message