sling-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] [sling-org-apache-sling-distribution-core] actinium15 commented on issue #30: SLING-8869 SimpleHttpDistributionTransport does not refresh the secret
Date Thu, 05 Dec 2019 17:49:36 GMT
actinium15 commented on issue #30: SLING-8869 SimpleHttpDistributionTransport does not refresh
the secret
URL: https://github.com/apache/sling-org-apache-sling-distribution-core/pull/30#issuecomment-562238806
 
 
   As always, thanks a lot for your support @tmaret!
   > The behaviour is similar to the #28.
   
   wrt the update of `Authorization` header this PR and #28 are identical - however, this
PR additionally addresses the concern pointed out by you at [0] (secret-provider-impls updating
the credentials without recreation of their Java objects).
   
   > we are using the fluent API it seems there's no way to set the authentication headers
only when a 401 or 403 is returned.
   
   I concur. More precisely, while there's a way to update username/password via [`Executor.auth()`](http://hc.apache.org/httpcomponents-client-ga/fluent-hc/apidocs/org/apache/http/client/fluent/Executor.html#auth(java.lang.String,%20java.lang.String)),
addition/update of a header needs to happen at the [`Request`](http://hc.apache.org/httpcomponents-client-ga/fluent-hc/apidocs/org/apache/http/client/fluent/Request.html#addHeader(java.lang.String,%20java.lang.String))
level, which we won't have _until_ the next invocation of `.deliverPackage`, by which time
we won't know if the previous call resulted in 401 and we need a fresh secret as the `Authorization`
header value.
   
   Eviction of an `Executor` after it results in 401 comes with the cost of losing `HttpClient`
contained within it (as mentioned at [1]).
   
   Though I understood that you chose to pick #28 because we don't want to move away from
Fluent HTTP APIs just yet, I don't quite understand what's specifically incorrect [with asking
for most up-to-date secrets from the configured secret provider right before every request
](https://github.com/apache/sling-org-apache-sling-distribution-core/pull/30/files#diff-655676dd8d087baa718f7d228e7ca866R131)[2].
   Is invocation of `secretProvider.getSecret()` before every request the concern? (I expect
well-behaved secret-provider impl to be able to cache/check-for-expiry/regenerate the secrets)
   It'd be very helpful if you could explain your reservations with the approach this PR takes
in a bit more detail. Thanks!
   
   [0] https://issues.apache.org/jira/browse/SLING-8869?focusedCommentId=16988627
   [1] https://issues.apache.org/jira/browse/SLING-8869?focusedCommentId=16988653
   [2] https://github.com/apache/sling-org-apache-sling-distribution-core/pull/30/files#diff-655676dd8d087baa718f7d228e7ca866R250-R251

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

Mime
View raw message