[ 
https://issues.apache.org/jira/browse/OAK-2416?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14282546#comment-14282546
 ] 

Antonio Sanso commented on OAK-2416:
------------------------------------

Thanks [~mduerig], this sounds good.
One thing it would be nice to keep in mind is to keep an abstraction layer that 
has some pluggability.
The reason is that usually the OAuth server-to-server flow in question uses some 
cryptography (leverages JWT) in order to be stateless.
The crypto code in Java usually is highly dependent on the security Provider 
installed in the JVM, hence it is better to "protect" against this event.

> Support continuable sessions 
> -----------------------------
>
>                 Key: OAK-2416
>                 URL: https://issues.apache.org/jira/browse/OAK-2416
>             Project: Jackrabbit Oak
>          Issue Type: Sub-task
>          Components: core
>            Reporter: Michael Dürig
>
> Implement support for continuable sessions to keep state across multiple 
> client/server interactions. Continuable sessions do not require any 
> additional state on the server (i.e. Oak) apart from the apparent repository 
> state. 
> To continue a session a client would obtain a continuation token from the 
> current session. This token can be used on the next call to 
> {{Repository.login}} to obtain a new {{Session}} instance that is based on 
> the same repository revision that the session the token was obtained from. 
> Additionally the token could contain information re. authentication so 
> subsequent requests can go through a simplified authentication procedure. 
> ([~asanso]'s work on OAuth might be of help here.)
> Transient changes are not supported in continuable sessions. Obtaining a 
> continuation token from a session with transient changes results in an error. 
> Continuable sessions are typically short lived (i.e. the time of a single 
> HTTP request). Specifically continuable sessions do not retain the underlying 
> repository revision from being garbage collected. Clients need to be able to 
> cope with respective exceptions. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
