[
https://issues.apache.org/jira/browse/SLING-3377?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13893193#comment-13893193
]
Stefan Egli commented on SLING-3377:
------------------------------------
Yes. The topology connector is currently explicitly excluded from
sling.auth.requirements - instead, there are the following two mechanisms:
* hmac-based signing of request & reply with a shared key
or
* whitelist of request host/address (with SLING-3001 supporting wildcards/cidr
notation too)
> Make topology connector a plain HttpServlet instead of a SlingServlet
> ---------------------------------------------------------------------
>
> Key: SLING-3377
> URL: https://issues.apache.org/jira/browse/SLING-3377
> Project: Sling
> Issue Type: Improvement
> Components: Extensions
> Affects Versions: Discovery Impl 1.0.2
> Reporter: Stefan Egli
> Assignee: Stefan Egli
>
> Currently the TopologyConnectorServlet is registered as a SlingServlet, thus
> using the entire set provided, such as authorization, resource resolution
> etc. Besides using unnecessary CPU cycles, this also results in too much
> logging.
> The connector servlet should be changed to be registered as a plain
> HttpServlet instead.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
