aurora-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Farner" <wfar...@apache.org>
Subject Re: Review Request 42614: Allowing dual authorizing params to account for thrift API deprecations.
Date Thu, 21 Jan 2016 21:14:52 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/42614/#review115697
-----------------------------------------------------------



src/main/java/org/apache/aurora/scheduler/http/api/security/AuthorizingParam.java (line 34)
<https://reviews.apache.org/r/42614/#comment176714>

    The limit of 2 seems arbitrary, and this reflects in the code.  Why not simply say that
if there are multiple authorizing params, exactly one must be non-null?



src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptor.java
(line 209)
<https://reviews.apache.org/r/42614/#comment176717>

    Consider removing the use of guava's `Invokable` and `Parameter` throughout.  They really
only exist as an abstraction over methods and constructors, which we don't need here.  The
change is self-explanatory starting with
    
    ```
    candidateMethod.getParameters()
    ```



src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptor.java
(line 215)
<https://reviews.apache.org/r/42614/#comment176711>

    Not new, but consider dropping this check.  The lookup in `FIELD_GETTERS_BY_TYPE` is more
direct.



src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptor.java
(line 220)
<https://reviews.apache.org/r/42614/#comment176712>

    s/final //


- Bill Farner


On Jan. 21, 2016, 12:53 p.m., Maxim Khutornenko wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/42614/
> -----------------------------------------------------------
> 
> (Updated Jan. 21, 2016, 12:53 p.m.)
> 
> 
> Review request for Aurora and Bill Farner.
> 
> 
> Repository: aurora
> 
> 
> Description
> -------
> 
> We don't allow dual annotations for authorizing params in thrift. There are cases, however,
when it's needed. One example is AURORA-1583 where we would need to support something like
below before we cutoff `query` in the next release:
> ```
>   Response killTasks(
>       @AuthorizingParam @Nullable TaskQuery query,
>       @Nullable Lock lock,
>       @AuthorizingParam @Nullable JobKey job,
>       int instances) throws TException;
> ```      
> 
> The new behavior allows at most 2 annotations but only one of the annotated arguments
must be non-null during interception.
> 
> Also, added missing test coverage.
> 
> 
> Diffs
> -----
> 
>   config/legacy_untested_classes.txt 6b71fd233af0d137332bc69249d16e433aa198c7 
>   src/main/java/org/apache/aurora/scheduler/http/api/security/AuthorizingParam.java 11d7e465556020571ffeefcf05596e6251ba9d19

>   src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptor.java
69056624064be4bbd4136afb4dd6e3eb33c5e0d2 
>   src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptorTest.java
16a3a3b84c2a06bc340575abb58f853a8f26920d 
> 
> Diff: https://reviews.apache.org/r/42614/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Maxim Khutornenko
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message