Sirix rest api.. security

Hi,

regarding sirix-rest-api …class Auth

Is there a way to avoid the keycloak request on every sirix api request ?

Regards
Jörg

Hi Jörg,

I just had a quick look into the Vert.x implementation, but if the token is already there it seems to just check if it’s expired and then returns a future with an AccessToken object (OAuth2AuthProviderImpl).

Thanks for asking :slight_smile: Did you have trouble setting up SirixDB with Keycloak?

Have a great sunday :slight_smile:

kind regards
Johannes

The setup instructions could be more polished, I think… but everything in the keycloak-vertx setup worked perfectly.
I verified that the keycloak server is not contacted while vertx has the valid token, as expected.
Thanks for the info.

The routes /login and /[database] need some work on their responses, hopefully I can create a PR the next days.

Keep up the nice work… whats next ?
Horizontal scaling and replication would definitely be a great feature.

J

1 Like

Cool, thank you very much :slight_smile:

Yeah, I think after releasing 1.0 I want to look into horizontal scaling and replication :slight_smile:

Most probably with a transaction-log stored in Apache BookKeeper for replicating resources through a single writer and asynchronous readers. I think it also provides stuff like read your own writes and so on. Plus quorum-based writes…

BTW: Thanks so much :slight_smile:

looking also forward to your PR :slight_smile: