[ https://issues.apache.org/jira/browse/SLING-6979?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16064703#comment-16064703 ]
Ian Boston commented on SLING-6979:
-----------------------------------
Branch underway at https://github.com/ieb/sling/tree/SLING-6979
> Support authorization of access to external content
> ---------------------------------------------------
>
> Key: SLING-6979
> URL: https://issues.apache.org/jira/browse/SLING-6979
> Project: Sling
> Issue Type: New Feature
> Reporter: Ian Boston
> Assignee: Ian Boston
>
> This issue is a PoC. It adds a capability to Sling so that Sling can issue
> authorizations on request to access external data APIs. It will have a SPI
> allowing concrete implementations, as there are many different possible
> schemes. For instance, when configured with AWS S3 implementations of those
> SPIs, on request it will issue signed policy authorizations that allow a
> client to perform the authorised operation on the AWS S3 REST API, for a
> specific key, for a specific time period. This would support the client
> performing a direct upload to S3 as detailed in
> [http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-post-example.html]. The
> same pattern with a different authorization mechanism would allow Sling to
> emit X-Accel-Redirect headers for a Proxy LN like nginx to stream directly
> from the storage. This effectively removes the task of streaming bytes
> through Sling from Sling, ensuring that all request threads in Sling are short
> lived, not consuming survivor heap space. Long lived threads holding onto
> references from stack will cause those objects to land in survivor heap
> costing more to GC when the operation is complete, even if the transfer is
> streamed via the JVM.
> Implementation will use a servlet attached to a resourceType. The Resource
> with that resource type will contain the configuration information and SPI
> implementation reference, so that requests to that Resource generate
> authorizations of the appropriate form. The configuration should be capable
> of mapping entire subtrees of individual resources. How the Resource path
> maps to a storage path is an implementation detail to follow Sling best
> practice in this area. (i.e. RESTful)
> The PoC will be done in a branch, and can be deleted if a complete failure.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
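
The signed S3 POST policy that the issue description refers to, sketched as an added example; it is not code from the original message or from the Sling branch. The function names, bucket, object key, credentials, default lifetime and size limit are all constructed assumptions; the policy layout and key derivation follow AWS Signature Version 4 for browser-based POST uploads.

```python
import base64, hashlib, hmac, json
from datetime import datetime, timedelta, timezone

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def signing_key(secret: str, date: str, region: str) -> bytes:
    # SigV4 derivation chain: date -> region -> service -> "aws4_request"
    k = _hmac(("AWS4" + secret).encode(), date)
    for part in (region, "s3", "aws4_request"):
        k = _hmac(k, part)
    return k

def issue_upload_authorization(access_key, secret, region, bucket, key,
                               now, ttl_seconds=300, max_bytes=10 * 1024 * 1024):
    """Return the form fields a client needs for one direct POST upload."""
    date = now.strftime("%Y%m%d")
    fields = {
        "key": key,
        "x-amz-algorithm": "AWS4-HMAC-SHA256",
        "x-amz-credential": f"{access_key}/{date}/{region}/s3/aws4_request",
        "x-amz-date": now.strftime("%Y%m%dT%H%M%SZ"),
    }
    policy = {
        "expiration": (now + timedelta(seconds=ttl_seconds)).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "conditions": [
            {"bucket": bucket},
            # Exact-match conditions: the grant covers this one key only.
            *[{name: value} for name, value in fields.items()],
            ["content-length-range", 0, max_bytes],
        ],
    }
    encoded = base64.b64encode(json.dumps(policy).encode()).decode()
    fields["policy"] = encoded
    # The string to sign is the base64 policy itself; the secret never leaves the server.
    fields["x-amz-signature"] = hmac.new(
        signing_key(secret, date, region), encoded.encode(), hashlib.sha256
    ).hexdigest()
    return fields

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    now = datetime(2017, 6, 27, 12, 0, 0, tzinfo=timezone.utc)
    for name, value in issue_upload_authorization(
            "AKIDEXAMPLE", "constructed-secret", "us-east-1",
            "example-bucket", "content/a.bin", now).items():
        print(f"{name}: {value}")
```

The client receives only the policy and its signature, so the grant is bounded by the conditions inside the policy: one bucket, one key, a size ceiling and an expiry.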