accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] [accumulo] milleruntime commented on issue #1221: New Security Interface
Date Wed, 03 Jul 2019 21:09:46 GMT
milleruntime commented on issue #1221: New Security Interface
URL: https://github.com/apache/accumulo/issues/1221#issuecomment-508255968
 
 
   I compiled a list of secured actions to check against a user (I think I have them all,
please let me know if I am missing any).  This could replace all the crazy cross checking
of different permissions.  The new interface would have this method:
   ```java
     /**
      * Check if user can perform the action.
      */
     boolean check(String user, Action action);
   ```
   Then the Action enum would have:
   ```
   NAMESPACE_CREATE
   NAMESPACE_DROP
   NAMESPACE_PROPERTY_CHANGE
   NAMESPACE_RENAME
   TABLE_BULK_IMPORT
   TABLE_CANCEL_COMPACT
   TABLE_CLONE
   TABLE_COMPACT
   TABLE_CONDITIONAL_UPDATE
   TABLE_CREATE
   TABLE_DROP
   TABLE_EXPORT
   TABLE_FLUSH
   TABLE_IMPORT
   TABLE_MERGE
   TABLE_OFFLINE
   TABLE_ONLINE
   TABLE_PROPERTY_CHANGE
   TABLE_RANGE_DELETION
   TABLE_RENAME
   TABLE_SCAN
   TABLE_SPLIT
   TABLE_SUMMARIZE
   TABLE_WRITE
   USER_AUTHS_CHANGE
   USER_CREATE
   USER_DROP
   USER_PASSWORD_CHANGE
   ```
   I don't see why we would need to implement java objects or use abstract classes if all
we want is just the action name and user.  The business logic would still be in the same place...
either as a FATE operation or client operation but that code would call something like `security.check(user,
action)`
   
   Then I THINK we only need `initialize(rootuser, token)` and `authenticate(user, token)`
methods on the security interface for the rest of the code.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

Mime
View raw message