Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
minLevel1
maxLevel2
outlinefalse
typelist
printablefalse

This section describes how to adapt native Swarm storage applications to use Content Gateway.toc

Requirements

  • Supply storage domain name in all requests

  • Use HTTP basic authentication instead of digest

  • Use Gateway ACL system instead of native Swarm auth/auth

  • Do not use Integrity Seal hash-type upgrade through Gateway

title
Info

Tip

When integrating with Gateway, applications do not need to handle the HTTP 100-continue or redirect semantics

that

Swarm clients must include: the Gateway operates as a reverse proxy and

will

correctly use 100-continue when communicating with Swarm and hides all redirects from the upstream client.

Domains

Because Gateway is performing access control and validation for all operations, every content request must identify the storage domain for which the request is destined. The order of precedence for specifying the storage domain is:

  1. Query argument: domain=X, else

  2. HTTP X-Forwarded-Host header, else

  3. HTTP request Host header value.

While some native integrations with Swarm are rigorous in specifying the storage domain, Swarm is permissive of requests that do not specify specifying one. Swarm also has additional precedence rules for assigning the storage domain; these are not compatible with requests handled through Gateway. When using Gateway, an application must specify the storage domain explicitly using one of the listed methods.

Authentication

Because It is common to require client applications to authenticate requests because Gateway is often deployed in access-controlled environments, it is common to require client applications to authenticate their requests. While applications that previously integrated with Swarm may not have chosen to include provisions for authenticating their requests, it is required to provide for HTTP basic authentication when integrating with the Content Gateway.

title
Info
Warning

Deprecated

The native Swarm auth/auth feature is deprecated and will be was removed after as of June 2017. If you are using Swarm's native auth/auth for your applications, you must add security.noauth = False now in order must be added to continue using the native auth/auth if using Swarm's native auth/auth for applications.

Applications can interoperate with Gateway and Swarm by implementing the Gateway ACL system or using a library that provides for an automatic selection. Unless an application manipulates the access control policies within Swarm, no additional changes are required when integrating with Gateway. Applications that do manipulate these policies will need to be adapted for Gateway's enhanced access control mechanism.

SSL

Content Gateway provides system administrators with the capability of encrypting client communications with SSL. Applications should are recommended to provide for HTTPS communications when integrating with Gateway. Since many HTTP libraries already provide this capability, it is likely that applications will only need to add a configuration provision to use HTTPS versus HTTP.