Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

This section describes how to adapt native Swarm storage applications to use Content Gateway.

Requirements

  • Supply storage domain name in all requests

  • Use HTTP basic authentication instead of digest

  • Use Gateway ACL system instead of native Swarm auth/auth

  • Do not use Integrity Seal hash-type upgrade through Gateway

Tip

When integrating with Gateway, applications do not need to handle the HTTP 100-continue or redirect semantics that Swarm clients must include: the Gateway operates as a reverse proxy and will correctly use 100-continue when communicating with Swarm and hides all redirects from the upstream client.

Domains

Because Gateway is performing access control and validation for all operations, every content request must identify the storage domain for which the request is destined. The order of precedence for specifying the storage domain is:

  1. Query argument: domain=X, else

  2. HTTP X-Forwarded-Host header, else

  3. HTTP request Host header value.

While some native integrations with Swarm are rigorous in specifying the storage domain, Swarm is permissive of requests that do not specify one. Swarm also has additional precedence rules for assigning the storage domain; these are not compatible with requests handled through Gateway. When using Gateway, an application must specify the storage domain explicitly using one of the listed methods.

Authentication

It is common to require client applications to authenticate requests because Gateway is often deployed in access-controlled environments. While applications that previously integrated with Swarm may not have chosen to include provisions for authenticating requests.

Deprecated

The native Swarm auth/auth feature is deprecated and will be removed after June 2017. If you are using Swarm's native auth/auth for your applications, you must add security.noauth = False now in order to continue using the native auth/auth.

Applications can interoperate with Gateway and Swarm by implementing the Gateway ACL system or using a library that provides for an automatic selection. Unless an application manipulates the access control policies within Swarm, no additional changes are required when integrating with Gateway. Applications that do manipulate these policies will need to be adapted for Gateway's enhanced access control mechanism.

SSL

Content Gateway provides system administrators with the capability of encrypting client communications with SSL. Applications should provide for HTTPS communications when integrating with Gateway. Since many HTTP libraries already provide this capability, it is likely that applications will only need to add a configuration provision to use HTTPS versus HTTP.

  • No labels

© DataCore Software Corporation. · https://www.datacore.com · All rights reserved.