[
https://issues.apache.org/jira/browse/SLING-9622?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17181254#comment-17181254
]
Angela Schreiber commented on SLING-9622:
-----------------------------------------
[~rombert], i will need to look into the
{{SlingAuthenticator.getHandlerSelectionPath}}....
regarding vanity-path lookup: i concluded the same after spending some time
with the {{MapEntries}} entries. maybe i got confused, but somehow i still feel
that i don't yet fully understand all the subtleties of the
{{ResourceResolver.resolve}} mechanism and how that works in combination with
the vanity paths (where i have to admit that i am no longer sure what exactly
the valid formats are) and if my initial tests in AEM did really captured the
full picture.
maybe things are less complex... but today i got a bit lost in the
resource-resolver code ;) i will give it another try tomorrow. without a better
understanding though i would not feel comfortable reviewing a patch you
probably will come up with earlier than me.
> Avoid registration of auth requirements for aliases and vanity paths
> --------------------------------------------------------------------
>
> Key: SLING-9622
> URL: https://issues.apache.org/jira/browse/SLING-9622
> Project: Sling
> Issue Type: Improvement
> Components: Authentication
> Reporter: Carsten Ziegeler
> Assignee: Carsten Ziegeler
> Priority: Major
> Fix For: Auth Core 1.5.0
>
> Time Spent: 1.5h
> Remaining Estimate: 0h
>
> Right now when auth requirements are registered, they need to be registered
> for the resource path, as well as all vanity paths and potentially all
> combinations of aliases for that path. First of all, this creates potentially
> a lot of auth requirements for a single path, but as well requires that the
> registrar of the auth requirement to be aware of vanity paths and aliases and
> do the right thing and update the auth requirements whenever there are
> changes.
> We should avoid these additional registrations and processing.
> The SlingAuthenticator is currently checking the request path against the
> auth requirements. We could change this with checking the resolved path. So
> the authenticator could use a service user resolver and resolve the path and
> then check the auth requirements.
> This avoids all the extra work for the registrar of the auth requirements,
> but comes with the additional cost of a resolve call per request
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
