Author: buildbot
Date: Mon Aug 5 08:30:17 2013
New Revision: 872966
Log:
Staging update by buildbot for sling
Added:
websites/staging/sling/trunk/content/documentation/the-sling-engine/service-authentication.html
Modified:
websites/staging/sling/trunk/content/ (props changed)
websites/staging/sling/trunk/content/documentation/the-sling-engine.html
Propchange: websites/staging/sling/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Mon Aug 5 08:30:17 2013
@@ -1 +1 @@
-1508812
+1510382
Modified:
websites/staging/sling/trunk/content/documentation/the-sling-engine.html
==============================================================================
--- websites/staging/sling/trunk/content/documentation/the-sling-engine.html
(original)
+++ websites/staging/sling/trunk/content/documentation/the-sling-engine.html
Mon Aug 5 08:30:17 2013
@@ -89,6 +89,7 @@
<ul>
<li><a
href="/documentation/the-sling-engine/architecture.html">Architecture</a></li>
<li><a
href="/documentation/the-sling-engine/authentication.html">Authentication</a></li>
+<li><a
href="/documentation/the-sling-engine/service-authentication.html">Service
Authentication</a></li>
</ul>
<h2 id="request-handling">Request Handling</h2>
<ul>
@@ -113,7 +114,7 @@
<li><a href="/documentation/the-sling-engine/eventing-and-jobs.html">Eventing
and Jobs</a></li>
</ul>
<div class="timestamp" style="margin-top: 30px; font-size: 80%;
text-align: right;">
- Rev. 1500501 by fmeschbe on Sun, 7 Jul 2013 18:49:51 +0000
+ Rev. 1510382 by fmeschbe on Mon, 5 Aug 2013 08:30:02 +0000
</div>
<div class="trademarkFooter">
Apache Sling, Sling, Apache, the Apache feather logo, and the Apache
Sling project
Added:
websites/staging/sling/trunk/content/documentation/the-sling-engine/service-authentication.html
==============================================================================
---
websites/staging/sling/trunk/content/documentation/the-sling-engine/service-authentication.html
(added)
+++
websites/staging/sling/trunk/content/documentation/the-sling-engine/service-authentication.html
Mon Aug 5 08:30:17 2013
@@ -0,0 +1,253 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd";>
+<html>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE- 2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+ <head>
+ <title>Apache Sling - Service Authentication</title>
+ <link rel="icon" href="/res/favicon.ico">
+ <link rel="stylesheet" href="/res/site.css" type="text/css" media="all">
+ <link rel="stylesheet" href="/res/codehilite.css" type="text/css"
media="all">
+ <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
+ </head>
+ <body>
+ <div class="title">
+ <div class="logo">
+ <a href="http://sling.apache.org/";>
+ <img border="0" alt="Apache Sling" src="/res/logo.png">
+ </a>
+ </div>
+ <div class="header">
+ <a href="http://www.apache.org/";>
+ <img border="0" alt="Apache" src="/res/apache.png">
+ </a>
+ </div>
+ </div>
+
+ <div class="menu">
+ <p><strong><a href="/documentation.html">Documentation</a></strong> <br
/>
+<a href="/documentation/getting-started.html">Getting Started</a> <br />
+<a href="/documentation/the-sling-engine.html">The Sling Engine</a> <br />
+<a href="/documentation/development.html">Development</a> <br />
+<a href="/documentation/bundles.html">Bundles</a> <br />
+<a href="/documentation/tutorials-how-tos.html">Tutorials & How-Tos</a>
<br />
+<a href="/documentation/configuration.html">Configuration</a> <br />
+<a href="http://s.apache.org/sling.wiki";>Wiki</a> <br />
+<a href="http://s.apache.org/sling.faq";>FAQ</a> <br />
+<a href="/sitemap.html">Site Map</a></p>
+<p><strong>API Docs</strong> <br />
+<a href="/apidocs/sling6/index.html">Sling 6</a> <br />
+<a href="/apidocs/sling5/index.html">Sling 5</a> </p>
+<p><strong>Project info</strong> <br />
+<a href="/downloads.cgi">Downloads</a> <br />
+<a href="http://www.apache.org/licenses/";>License</a> <br />
+<a href="/contributing.html">Contributing</a> <br />
+<a href="/news.html">News</a> <br />
+<a href="/links.html">Links</a> <br />
+<a href="/project-information.html">Project Information</a> <br />
+<a href="https://issues.apache.org/jira/browse/SLING";>Issue Tracker</a> <br />
+<a href="http://svn.apache.org/viewvc/sling/trunk";>Browse Source
Repository</a> <br />
+<a href="/project-information/security.html">Security</a> </p>
+<p><strong>Sponsorship</strong> <br />
+<a href="http://www.apache.org/foundation/thanks.html";>Thanks</a> <br />
+<a href="http://www.apache.org/foundation/sponsorship.html";>Become a
Sponsor</a> <br />
+<a href="http://www.apache.org/foundation/buy_stuff.html";>Buy Stuff</a> </p>
+<!-- no valid ads for now, we'll reactivate this when needed
+<iframe
+ src="http://www.apache.org/ads/button.html";
+ style="border-width:0; float: left" frameborder="0"
+ scrolling="no"
+ width="135"
+ height="135">
+</iframe>
+-->
+ </div>
+
+ <div class="main">
+ <div class="breadcrump" style="font-size: 80%;">
+ <a href="/">Home</a> » <a
href="/documentation.html">Documentation</a> » <a
href="/documentation/the-sling-engine.html">The Sling Engine</a>
+ </div>
+
+
+
+ <h1>Service Authentication</h1>
+ <div class="toc">
+<ul>
+<li><a href="#problem">Problem</a></li>
+<li><a href="#concept">Concept</a><ul>
+<li><a href="#example-tenant-administration">Example: Tenant
Administration</a></li>
+<li><a href="#example-mail-transfer-system">Example: Mail Transfer
System</a></li>
+</ul>
+</li>
+<li><a href="#implementation">Implementation</a><ul>
+<li><a href="#serviceusermapper">ServiceUserMapper</a></li>
+<li><a href="#resourceresolverfactory">ResourceResolverFactory</a></li>
+<li><a href="#slingrepository">SlingRepository</a></li>
+</ul>
+</li>
+<li><a href="#deprecation-of-administrative-authentication">Deprecation of
administrative authentication</a></li>
+</ul>
+</div>
+<h2 id="problem">Problem</h2>
+<p>To access the data storage in the Resource Tree and/or the JCR Repository
+authentication is required to properly setup access control and guard
+sensitive data from unauthorized access. For regular request processing
+this authentication step is handled by the Sling
+<a
href="/documentation/the-sling-engine/authentication.html">Authentication</a>
+subsystem.</p>
+<p>On the other hand there are also some background tasks to be executed
+with access to the resources. Such tasks cannot in general be configured
+with user names and passwords: Neither hard coding the passwords in the code
+nor having the passwords in – more or less – plain text in some
+configuration is considered good practice.</p>
+<p>To solve this problem for services to identify themselves and authenticate
+with special users properly configured to support those services.</p>
+<p>The solution presented here serves the following goals:</p>
+<ul>
+<li>Prevent over-use and abuse of administrative ResourceResolvers and/ro JCR
Sessions</li>
+<li>Allow services access to ResourceResolvers and/or JCR Sessions without
+requiring to hard-code or configure passwords</li>
+<li>Allow services to use <em>service users</em> which have been specially
+configured for service level access (as is usually done on unixish
systems)</li>
+<li>Allow administrators to configure the assignment of service users to
+services</li>
+</ul>
+<h2 id="concept">Concept</h2>
+<p>A <em>Service</em> is a piece or collection of functionality. Examples of
services
+are the Sling queuing system, Tenant Administration, or some Message Transfer
+System. Each service is identified by a unique <em>Service Name</em>. Since a
+service will be implemented in an OSGi bundle (or a collection of OSGi
+bundles), services are named by the bundles providing them.</p>
+<p>A Service may be comprised of multiple parts, so each part of the
+service may be further identified by a <em>Subservice Name</em>. This
+Subservice Name is optional, though. Examples of <em>Subservice Name</em>
+are names for subsystems in a Message Transfer System such as accepting
+messages, queueing messages, delivering messages.</p>
+<p>Ultimately, the combination of the <em>Service Name</em> and <em>Subservice
Name</em>
+defines the <em>Service ID</em>. It is the <em>Service ID</em> which is
finally mapped to
+a Resource Resolver and/or JCR Repository user ID for authentication.</p>
+<p>Thus the actual service identification (service ID) is defined as:</p>
+<table class="codehilitetable"><tr><td class="linenos"><div
class="linenodiv"><pre>1</pre></div></td><td class="code"><div
class="codehilite"><pre>service-id = service-name [ ":"
subservice-name ] .
+</pre></div>
+</td></tr></table>
+
+<p>The <code>service-name</code> is the value of the
<code>Sling-Service</code> bundle manifest
+header. This name can be any string valid as a manifest header but must
+not contain a colon <code>:</code> which is used to delimit the
<code>service-name</code> from
+the <code>service-info</code> in the <code>service-id</code> string.</p>
+<p>If the bundle does not have a <code>Sling-Service</code> bundle manifest
header or
+if the value is the empty string, the bundle's symbolic name is used as
+the <code>service-name</code>.</p>
+<h3 id="example-tenant-administration">Example: Tenant Administration</h3>
+<p>Tenant Administration mostly deals with creating and managing groups
+and some other user administration tasks. Instead of just using an
+administrative session for Tenant administration this feature could
+define itself as being the <code>tenant-admin</code> service and leverage a
+properly configured Tenant Administration account.</p>
+<h3 id="example-mail-transfer-system">Example: Mail Transfer System</h3>
+<p>Consider a Mail Transfer System which may be comprised of the following
+sub systems:</p>
+<ul>
+<li>Accepting mail for processing — for example the SMTP server
daemon</li>
+<li>Queing and processing the messages</li>
+<li>Delivering messages to mailboxes</li>
+</ul>
+<p>You could conceive that all these functions serve different purposes and
+thus should have different access rights to the repository to persist
+messages while they are being processed.</p>
+<p>Using the Service Authentication framework, the Mail Transfer System
+would be consituting the <code>mta</code> service. The sub systems would be
called
+<code>smtp</code>, <code>queue</code>, and <code>deliver</code>.</p>
+<p>Thus the SMTP server daemon would be represented by a user for the
+<code>mta:smtp</code> Service. queueing with <code>mta:queue</code>, and
delivery with <code>mta:deliver</code>. </p>
+<h2 id="implementation">Implementation</h2>
+<p>The implementation in Sling of the <em>Service Authentication</em> concept
+described above consists of three parts:</p>
+<h3 id="serviceusermapper"><code>ServiceUserMapper</code></h3>
+<p>The first part is a new OSGi Service <code>ServiceUserMapper</code>. The
+<code>ServiceUserMapper</code> service allows for mapping <em>Service IDs</em>
comprised of
+the <em>Service Names</em> defined by the providing bundles and optional
<em>Subservice Name</em>
+to ResourceResolver and/or JCR Repository user IDs. This mapping is
configurable
+such that system administrators are in full control of assigning users to
services.</p>
+<p>The <code>ServiceUserMapper</code> defines the following API:</p>
+<table class="codehilitetable"><tr><td class="linenos"><div
class="linenodiv"><pre>1
+2</pre></div></td><td class="code"><div class="codehilite"><pre><span
class="n">String</span> <span class="nf">getServiceID</span><span
class="o">(</span><span class="n">Bundle</span> <span
class="n">bundle</span><span class="o">,</span> <span class="n">String</span>
<span class="n">subServiceName</span><span class="o">);</span>
+<span class="n">String</span> <span class="nf">getServiceUserID</span><span
class="o">(</span><span class="n">Bundle</span> <span
class="n">bundle</span><span class="o">,</span> <span class="n">String</span>
<span class="n">subServiceName</span><span class="o">);</span>
+</pre></div>
+</td></tr></table>
+
+<h3 id="resourceresolverfactory"><code>ResourceResolverFactory</code></h3>
+<p>The second part is support for service access to the Resource Tree. To this
+avail, the <code>ResourceResolverFactory</code> service is enhanced with a new
factory
+method</p>
+<table class="codehilitetable"><tr><td class="linenos"><div
class="linenodiv"><pre>1
+2</pre></div></td><td class="code"><div class="codehilite"><pre><span
class="n">ResourceResolver</span> <span
class="nf">getServiceResourceResolver</span><span class="o">(</span><span
class="n">Map</span><span class="o"><</span><span
class="n">String</span><span class="o">,</span> <span
class="n">Object</span><span class="o">></span> <span
class="n">authenticationInfo</span><span class="o">)</span>
+ <span class="kd">throws</span> <span class="n">LoginException</span><span
class="o">;</span>
+</pre></div>
+</td></tr></table>
+
+<p>This method allows for access to the resource tree for services where the
+service bundle is the bundle actually using the
<code>ResourceResolverFactory</code>
+service. The optional Subservice Name may be provided as an entry
+in the <code>authenticationInfo</code> map.</p>
+<p>In addition to having new API on the <code>ResourceResolverFactory</code>
service to
+be used by services, the <code>ResourceProviderFactory</code> service is
updated
+with support for Service Authentication: Now new API is required, though
+but additional properties are defined to convey the service to authenticate
+for.</p>
+<h3 id="slingrepository"><code>SlingRepository</code></h3>
+<p>The third part is an extension to the <code>SlingRepository</code>service
interface
+to support JCR Repository access for services:</p>
+<table class="codehilitetable"><tr><td class="linenos"><div
class="linenodiv"><pre>1
+2</pre></div></td><td class="code"><div class="codehilite"><pre><span
class="n">Session</span> <span class="nf">loginService</span><span
class="o">(</span><span class="n">String</span> <span
class="n">subServiceName</span><span class="o">,</span> <span
class="n">String</span> <span class="n">workspace</span><span class="o">)</span>
+ <span class="kd">throws</span> <span class="n">LoginException</span><span
class="o">,</span> <span class="n">RepositoryException</span><span
class="o">;</span>
+</pre></div>
+</td></tr></table>
+
+<p>This method allows for access to the JCR Repository for services where the
+service bundle is the bundle actually using the <code>SlingRepository</code>
+service. The additional Subservice Name may be provided with the
+<code>subServiceName</code> parameter.</p>
+<h2 id="deprecation-of-administrative-authentication">Deprecation of
administrative authentication</h2>
+<p>Originally the
<code>ResourceResolverFactory.getAdministrativeResourceResolver</code>
+and <code>SlingRepository.loginAdministrative</code> methods have been defined
to
+provide access to the resource tree and JCR Repository. These methods
+proved to be inappropriate because they allow for much too broad access.</p>
+<p>Consequently these methods are being deprecated and will be removed in
+future releases of the service implementations.</p>
+<p>The following methods are deprecated:</p>
+<ul>
+<li><code>ResourceResolverFactory.getAdministrativeResourceResolver</code></li>
+<li><code>ResourceProviderFactory.getAdministrativeResourceProvider</code></li>
+<li><code>SlingRepository.loginAdministrative</code></li>
+</ul>
+<p>The implementations we have in Sling's bundle will remain implemented
+in the near future. But there will be a configuration switch to disable
+support for these methods: If the method is disabled, a
<code>LoginException</code>
+is always thrown from these methods. The JavaDoc of the methods is
+extended with this information.</p>
+ <div class="timestamp" style="margin-top: 30px; font-size: 80%;
text-align: right;">
+ Rev. 1510382 by fmeschbe on Mon, 5 Aug 2013 08:30:02 +0000
+ </div>
+ <div class="trademarkFooter">
+ Apache Sling, Sling, Apache, the Apache feather logo, and the Apache
Sling project
+ logo are trademarks of The Apache Software Foundation. All other marks
mentioned
+ may be trademarks or registered trademarks of their respective owners.
+ </div>
+ </div>
+ </body>
+</html>
