[ 
https://issues.apache.org/jira/browse/SLING-9622?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17181241#comment-17181241
 ] 

Robert Munteanu commented on SLING-9622:
----------------------------------------

Thanks [~angela] - fully agree with your notes above. 

Reviewing the auth code I found {{SlingAuthenticator.getHandlerSelectionPath}} 
which

{quote}Returns the path to be used to select the authentication handler to 
login or logout with.{/quote}

It already has support for an extra request attribute that can select the 
resource to use for logging in ( {{Authenticator.LOGIN_RESOURCE}} ). We could 
either build on the same mechanism and have an extra component look up vanity 
path information and set it if needed.

Another option is to add a second check to the method which does the vanity 
path lookup.

As for the vanity path lookup itself, it should probably be in the 
resourceresolver module. AFAICT the MapEntries have that data, but not in a 
lookup-friendly way. {{MapEntries.vanityTargets}} holds the current vanity path 
mappings, but in the wrong order ( resource -> list of vanity paths ). We need 
a quick lookup from vanity path to the canonical resource path.

> Avoid registration of auth requirements for aliases and vanity paths
> --------------------------------------------------------------------
>
>                 Key: SLING-9622
>                 URL: https://issues.apache.org/jira/browse/SLING-9622
>             Project: Sling
>          Issue Type: Improvement
>          Components: Authentication
>            Reporter: Carsten Ziegeler
>            Assignee: Carsten Ziegeler
>            Priority: Major
>             Fix For: Auth Core 1.5.0
>
>          Time Spent: 1.5h
>  Remaining Estimate: 0h
>
> Right now when auth requirements are registered, they need to be registered 
> for the resource path, as well as all vanity paths and potentially all 
> combinations of aliases for that path. First of all, this creates potentially 
> a lot of auth requirements for a single path, but it also requires the 
> registrar of the auth requirement to be aware of vanity paths and aliases and 
> do the right thing and update the auth requirements whenever there are 
> changes.
> We should avoid these additional registrations and processing.
> The SlingAuthenticator is currently checking the request path against the 
> auth requirements. We could change this to check the resolved path. So 
> the authenticator could use a service user resolver and resolve the path and 
> then check the auth requirements.
> This avoids all the extra work for the registrar of the auth requirements, 
> but comes with the additional cost of a resolve call per request.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
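
The reverse lookup discussed in the comment above, as an added example that is not part of the original thread or of Sling's code: it inverts a "resource -> list of vanity paths" map into "vanity path -> resource" and checks auth requirements against the canonical path, so a requirement registered once on the resource also covers its vanity paths. The class `VanityAuthLookup`, its methods and the sample paths are hypothetical; the input map only mirrors the shape the comment describes for {{MapEntries.vanityTargets}}.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

// Added illustration; VanityAuthLookup and its methods are hypothetical, not Sling API.
public class VanityAuthLookup {
    private final Map<String, String> vanityToResource = new HashMap<>();
    // registered path -> true if authentication is required for that subtree
    private final Map<String, Boolean> authRequirements = new HashMap<>();

    // Invert "resource -> vanity paths" into "vanity path -> resource" once, up front.
    // If two resources claim the same vanity path, the last one processed wins here.
    public VanityAuthLookup(Map<String, List<String>> vanityTargets) {
        vanityTargets.forEach((resource, vanities) ->
            vanities.forEach(vanity -> vanityToResource.put(vanity, resource)));
    }

    public void requireAuth(String path, boolean required) {
        authRequirements.put(path, required);
    }

    // Canonical resource path for a request path; non-vanity paths map to themselves.
    public String canonicalPath(String requestPath) {
        return vanityToResource.getOrDefault(requestPath, requestPath);
    }

    // The longest registered ancestor of the canonical path decides.
    // In this sketch, no matching registration means no requirement.
    public boolean isAuthRequired(String requestPath) {
        String path = canonicalPath(requestPath);
        while (!path.isEmpty()) {
            Boolean required = authRequirements.get(path);
            if (required != null) return required;
            int slash = path.lastIndexOf('/');
            path = slash > 0 ? path.substring(0, slash) : (path.length() > 1 ? "/" : "");
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample data: one protected resource with two vanity paths.
        Map<String, List<String>> targets = new HashMap<>();
        targets.put("/content/private/report", Arrays.asList("/report", "/r"));
        VanityAuthLookup lookup = new VanityAuthLookup(targets);
        lookup.requireAuth("/content/private", true); // registered once, on the resource tree
        System.out.println("/report -> " + lookup.isAuthRequired("/report"));
        System.out.println("/content/public/page -> " + lookup.isAuthRequired("/content/public/page"));
    }
}
```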
