time-bound URLs as Nexus plugin?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

time-bound URLs as Nexus plugin?

Max Spring
Use case would be to completely lock-down a repository against anonymous reads,
but to give read access only to a selected artifact for a limited period in time (e.g. 30 minutes).
The URL would also need to have some cryptic session token in its path to prevent "URL guessing".

Would it be possible to implement this as a Nexus plugin?

If yes, are there any good places to start looking into when implementing this feature?

The plugin would of course implement a REST API to manage the time-bound exposure of artifacts.

Thanks!
-Max

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: time-bound URLs as Nexus plugin?

Tamás Cservenák
This would be very similar to what Staging does for deploying. In short

* it sets "exposed=false" on Repository, making it unreachable over ANY "/content" URL
* it introduces an alternative resource that offers content access.
* that new resource might to any black magic it wants, to filter, allow etc the access.

Note: you have to be aware that if you go with this solution, grouping and other features becomes immediately unavailable. Here, we talk about exposing the repo "bucket" over some custom URL (with some extra filtering). Hence, you cannot group the repository and such....


On Tue, Apr 23, 2013 at 1:40 AM, Max Spring <[hidden email]> wrote:
Use case would be to completely lock-down a repository against anonymous reads,
but to give read access only to a selected artifact for a limited period in time (e.g. 30 minutes).
The URL would also need to have some cryptic session token in its path to prevent "URL guessing".

Would it be possible to implement this as a Nexus plugin?

If yes, are there any good places to start looking into when implementing this feature?

The plugin would of course implement a REST API to manage the time-bound exposure of artifacts.

Thanks!
-Max

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]