diff --git a/config/ldp/authentication/dpop-bearer.json b/config/ldp/authentication/dpop-bearer.json
index 32266fe4b..b584a9b67 100644
--- a/config/ldp/authentication/dpop-bearer.json
+++ b/config/ldp/authentication/dpop-bearer.json
@@ -2,25 +2,29 @@
 "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^5.0.0/components/context.jsonld",
 "@graph": [
 {
- "comment": "Supports DPoP and Bearer access tokens, or no credentials.",
+ "comment": "Caches the credentials based on the incoming request.",
 "@id": "urn:solid-server:default:CredentialsExtractor",
- "@type": "UnionCredentialsExtractor",
- "extractors": [
- {
- "@type": "WaterfallHandler",
- "handlers": [
- {
- "@type": "DPoPWebIdExtractor",
- "originalUrlExtractor": {
- "@type": "OriginalUrlExtractor",
- "args_identifierStrategy": { "@id": "urn:solid-server:default:IdentifierStrategy" }
- }
- },
- { "@type": "BearerWebIdExtractor" }
- ]
- },
- { "@type": "PublicCredentialsExtractor" }
- ]
+ "@type": "CachedHandler",
+ "source": {
+ "comment": "Supports DPoP and Bearer access tokens, or no credentials.",
+ "@type": "UnionCredentialsExtractor",
+ "extractors": [
+ {
+ "@type": "WaterfallHandler",
+ "handlers": [
+ {
+ "@type": "DPoPWebIdExtractor",
+ "originalUrlExtractor": {
+ "@type": "OriginalUrlExtractor",
+ "args_identifierStrategy": { "@id": "urn:solid-server:default:IdentifierStrategy" }
+ }
+ },
+ { "@type": "BearerWebIdExtractor" }
+ ]
+ },
+ { "@type": "PublicCredentialsExtractor" }
+ ]
+ }
 }
 ]
 }
diff --git a/config/ldp/authorization/readers/default.json b/config/ldp/authorization/readers/default.json
index 986a4c7a1..97d9e7bc6 100644
--- a/config/ldp/authorization/readers/default.json
+++ b/config/ldp/authorization/readers/default.json
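Review bot: In config/ldp/authentication/dpop-bearer.json the new `comment` on `urn:solid-server:default:CredentialsExtractor` says credentials are cached "based on the incoming request" but not what identifies a request or how long an entry lives, which is the property that makes caching an authentication result safe. A DPoP proof is bound to one HTTP method and URL, so a cached credential set must never be reused for a different request that happens to carry the same token. `CachedHandler` is not part of this diff; if it keys on the identity of the input object, I would say so in the comment, e.g. `"comment": "Caches the credentials per request object; an entry is only reused for that same object, never across requests."`. The same documentation gap applies to the `CachedHandler` added around `urn:solid-server:default:ModesExtractor` in config/ldp/modes/default.json.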
@@ -5,39 +5,44 @@
 ],
 "@graph": [
 {
- "comment": "Requests permissions on subject resources for auxiliary resources.",
+ "comment": "Caches permissions based on credentials and requested modes. Does not cache the input object itself as that object might be created in different places",
 "@id": "urn:solid-server:default:PermissionReader",
- "@type": "AuxiliaryReader",
- "auxiliaryStrategy": { "@id": "urn:solid-server:default:AuxiliaryStrategy" },
- "reader": {
- "@type": "UnionPermissionReader",
- "readers": [
- {
- "comment": "This PermissionReader will be used to prevent external access to containers used for internal storage.",
- "@id": "urn:solid-server:default:PathBasedReader",
- "@type": "PathBasedReader",
- "baseUrl": { "@id": "urn:solid-server:default:variable:baseUrl" }
- },
- {
- "comment": "The config that determines the authorization strategy needs to set the `authStrategy` field of this object.",
- "@id": "urn:solid-server:default:OwnerPermissionReader",
- "@type": "OwnerPermissionReader"
- },
- {
- "comment": "Adds parent container checks needed for create/delete permissions.",
- "@id": "urn:solid-server:default:ParentContainerReader",
- "@type": "ParentContainerReader",
- "identifierStrategy": { "@id": "urn:solid-server:default:IdentifierStrategy" },
- "reader": {
- "comment": [
- "Reinterprets Control permissions as Read/Write on the auth resource.",
- "The config that determines the authorization strategy needs to set the `authStrategy` and `reader` fields of this object."
- ],
- "@id": "urn:solid-server:default:AuthAuxiliaryReader",
- "@type": "AuthAuxiliaryReader"
+ "@type": "CachedHandler",
+ "fields": [ "credentials", "requestedModes" ],
+ "source": {
+ "comment": "Requests permissions on subject resources for auxiliary resources.",
+ "@type": "AuxiliaryReader",
+ "auxiliaryStrategy": { "@id": "urn:solid-server:default:AuxiliaryStrategy" },
+ "reader": {
+ "@type": "UnionPermissionReader",
+ "readers": [
+ {
+ "comment": "This PermissionReader will be used to prevent external access to containers used for internal storage.",
+ "@id": "urn:solid-server:default:PathBasedReader",
+ "@type": "PathBasedReader",
+ "baseUrl": { "@id": "urn:solid-server:default:variable:baseUrl" }
+ },
+ {
+ "comment": "The config that determines the authorization strategy needs to set the `authStrategy` field of this object.",
+ "@id": "urn:solid-server:default:OwnerPermissionReader",
+ "@type": "OwnerPermissionReader"
+ },
+ {
+ "comment": "Adds parent container checks needed for create/delete permissions.",
+ "@id": "urn:solid-server:default:ParentContainerReader",
+ "@type": "ParentContainerReader",
+ "identifierStrategy": { "@id": "urn:solid-server:default:IdentifierStrategy" },
+ "reader": {
+ "comment": [
+ "Reinterprets Control permissions as Read/Write on the auth resource.",
+ "The config that determines the authorization strategy needs to set the `authStrategy` and `reader` fields of this object."
+ ],
+ "@id": "urn:solid-server:default:AuthAuxiliaryReader",
+ "@type": "AuthAuxiliaryReader"
+ }
 }
- }
- ]
+ ]
+ }
 }
 }
 ]
diff --git a/config/ldp/modes/default.json b/config/ldp/modes/default.json
index 71c97a253..b9c2b2763 100644
--- a/config/ldp/modes/default.json
+++ b/config/ldp/modes/default.json
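Review bot: In config/ldp/authorization/readers/default.json the permission cache is keyed on `"fields": [ "credentials", "requestedModes" ]`, so a hit presumably requires the very same `credentials` and `requestedModes` objects an earlier call passed, which only happens because the other two files in this commit cache those objects. That coupling is not stated anywhere: a caller that builds fresh objects silently bypasses the cache, and, if the key is object identity, a caller that changes the contents of a credentials or modes object after the first lookup would be handed permissions computed for the earlier contents. I would extend the new comment with a sentence such as `Relies on the CredentialsExtractor and ModesExtractor caches returning the same objects; these must not be modified after extraction.` and end the existing second sentence with a period. The implementation of `CachedHandler` is outside this diff, so the identity keying is an assumption to confirm before the wording is fixed.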
@@ -2,12 +2,16 @@
 "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^5.0.0/components/context.jsonld",
 "@graph": [
 {
- "comment": "Checks if an operation on a resource requires permissions on intermediate resources (such as newly created parent containers).",
+ "comment": "Caches the requested modes based on the incoming operation.",
 "@id": "urn:solid-server:default:ModesExtractor",
- "@type": "IntermediateCreateExtractor",
- "resourceSet": { "@id": "urn:solid-server:default:CachedResourceSet" },
- "strategy": { "@id": "urn:solid-server:default:IdentifierStrategy" },
- "source": { "@id": "urn:solid-server:default:HttpModesExtractor" }
+ "@type": "CachedHandler",
+ "source" : {
+ "comment": "Checks if an operation on a resource requires permissions on intermediate resources (such as newly created parent containers).",
+ "@type": "IntermediateCreateExtractor",
+ "resourceSet": { "@id": "urn:solid-server:default:CachedResourceSet" },
+ "strategy": { "@id": "urn:solid-server:default:IdentifierStrategy" },
+ "source": { "@id": "urn:solid-server:default:HttpModesExtractor" },
+ }
 },
 {
 "comment": "Determines required modes based on HTTP methods.",
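Review bot: The added line `"source": { "@id": "urn:solid-server:default:HttpModesExtractor" },` in config/ldp/modes/default.json ends with a comma directly before the closing `}` of the new outer `source` object, which is not valid JSON under RFC 8259. Whether the config loader tolerates it cannot be seen from this diff, but strict parsers, linters and editors will reject the file, and the component that decides which access modes a request needs should not depend on parser leniency to load. Drop the comma so the line reads `"source": { "@id": "urn:solid-server:default:HttpModesExtractor" }`. For consistency with the other two files in this commit, the opening `"source" : {` should also be written `"source": {`.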