[
https://issues.apache.org/jira/browse/SLING-5792?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15420699#comment-15420699
]
Carsten Ziegeler edited comment on SLING-5792 at 8/15/16 11:05 AM:
-------------------------------------------------------------------
In rev 1756359 I'Ve added a new interface BundleAuthenticationRequirement which
is the same as your latest AuthenticationRequirement except that it doesn't
take the key argument - the requirements are managed by client bundle.
In rev 1756370 I've added a first implementation together with the test cases
provided in the original patch.
The new implementation is more efficient as it does not keep any state at all,
there is no need to keep the provided requirements for deleting or clearing.
The penalty comes with clearing all requirements as this has to step through
the whole cache, but given the benefits for all other operations, I think
that's fine
was (Author: cziegeler):
In rev 1756359 I'Ve added a new interface BundleAuthenticationRequirement which
is the same as your latest AuthenticationRequirement except that it doesn't
take the key argument - the requirements are managed by client bundle.
In rev 1756370 I've added a first implementation together with the test cases
provided in the original patch.
> API to manage Authentication Requirement
> ----------------------------------------
>
> Key: SLING-5792
> URL: https://issues.apache.org/jira/browse/SLING-5792
> Project: Sling
> Issue Type: Sub-task
> Components: Authentication
> Reporter: angela
> Assignee: Carsten Ziegeler
>
> Apart from the constant {{AuthConstants.AUTH_REQUIREMENTS}} there is no
> public API available that allowed applications to change the list of
> authentication requirement entries.
> Instead, applications need to know and rely on implementation details, which
> not only includes registering services with the
> {{AuthConstants.AUTH_REQUIREMENTS}} property included but also know about the
> required format of the property, which from my point of view should be and
> remain an implementation detail of
> {{org.apache.sling.auth.core.impl.SlingAuthenticator}}, which IMO should not
> be considered public API.
> To me it would feel more natural if there existed a
> {{AuthenticationRequirement}} interface defining methods to
> extend/update/clear the auth-requirements bound to a particular service
> reference and having {{org.apache.sling.auth.core.impl.SlingAuthenticator}}
> implementing that interface.
> Doing so, might also be beneficial from a performance/scalability POV but I
> would like to cover that in a separate sub-task.
> Proposal for this sub-tasks will follow as I am moving forward.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
