sling-dev mailing list archives

From Stefan Egli <e...@adobe.com>
Subject Re: TopologyConnectorServlet
Date Wed, 09 Oct 2013 08:16:52 GMT
Hi Ian,

+1

I like the idea of making an API out of this. One thing to remember is
that this API would be part of discovery.impl rather than discovery.api -
since the discovery.api does not make any assumptions on how
instances/clusters discover each other. Nevertheless I think it's a good
idea.

Additionally, I wonder if we could also include the possibility of
encrypting/decrypting the payload that discovery.impl sends around via the
topology connectors? It could be a separate service - e.g.
DiscoveryPayloadHandler - and provide methods to encrypt and
decrypt/verify.

Cheers,
Stefan

On 10/8/13 7:40 PM, "Ian Boston" <ieb@tfd.co.uk> wrote:

>Hi,
>The whitelist configuration in this servlet is causing some problems
>where the contents of the whitelist is potentially large and changing,
>since it requires constant re-configuration.
>
>Would it be possible to have an API service that is consulted if
>present to check if the request is allowed? For those that want to use
>the service they would configure the whitelist to reject everything
>while the service was not present, so as to avoid startup issues.
>
>e.g.
>
>+    @Reference(cardinality=ReferenceCardinality.OPTIONAL_UNARY)
>+     private WhiteListProvider   whiteListProvider;
>
>    /** Checks if the provided request's remote server is whitelisted **/
>
>    private boolean isWhitelisted(final SlingHttpServletRequest request) {
>+      if (whiteListProvider != null) {
>+             whiteListProvider.isWhitelisted(request);
>+        }
>        if (whitelist.contains(request.getRemoteAddr())) {
>
>            return true;
>
>        } else if (whitelist.contains(request.getRemoteHost())) {
>
>            return true;
>
>        }
>
>        logger.info("isWhitelisted: rejecting " + request.getRemoteAddr()
>
>                + ", " + request.getRemoteHost());
>
>        return false;
>
>    }
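
Review bot: The return value of `whiteListProvider.isWhitelisted(request)` is discarded inside the added `if (whiteListProvider != null)` block, so the provider never affects the outcome and every request still falls through to the static `whitelist.contains(...)` checks. Return the provider's decision there, for example `return whiteListProvider.isWhitelisted(request);`, or return true only when it accepts, and state which of the two sources takes precedence when both are present. A rejection made by the provider should also reach the existing `logger.info("isWhitelisted: rejecting ...")` line, so that refused connector requests stay visible in the log.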
>
>
>and in the API, presumably discovery api.
>
>public interface WhiteListProvider {
>
>    boolean isWhitelisted(HttpServletRequest request);
>
>}
>
>
>Best Regards
>Ian

