directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "lucas theisen (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRSERVER-2088) Add the ability to specify additional fields that should be hashed by the hashing interceptors
Date Mon, 17 Aug 2015 17:00:48 GMT

    [ https://issues.apache.org/jira/browse/DIRSERVER-2088?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14699818#comment-14699818
] 

lucas theisen commented on DIRSERVER-2088:
------------------------------------------

{quote}
The default value is rarely needed... If you don't need a default value, ignore it.
{quote}
I wanted to used the annotated default value as the place where I specify defaults (rather
than the constructor/initializer in the actual interceptor).  I felt it was a better location
as it is _closer_ to the configuration.  The problem is, the code as it currently stands,
does not use the defaults on the _READ_ side, only on the _WRITE_ side.  Seems rather unexpected,
but I didn't want to change a fundamental behavior that I don't thoroughly understand.
{quote}
There is no reason to have multiple interceptor to do the same thing so, yes, a replacement
would make sense...
{quote}
It would certainly clean up the code by removing 15+ implementation classes that are little
more than the abstract base class they extend.  It would mean all users would need to reconfigure,
but we are not yet released.  The M20 change to distributed configuration already introduced
a pretty hefty migration (at least for me it did).  Perhaps vote on this?
{quote}
I would rather use something like...
{quote}
Yeah, that is what you mentioned, I just felt like we could end up running out of values soon
if we modify more interceptors to allow for configuration.  I have no problem changing this
back, would you like me to do so?
{quote}
AFAICT, only one hash method will be available...
{quote}
Yes, this is indeed correct.  If you wanted to hash different attributes differently, that
would be as simple as including 2 of these interceptors with different configurations.  For
example, interceptor 9 could be {{SSHA-256}} for {{userPassword}} and interceptor 10 could
be {{SHA-1}} for {{uid}}.

> Add the ability to specify additional fields that should be hashed by the hashing interceptors
> ----------------------------------------------------------------------------------------------
>
>                 Key: DIRSERVER-2088
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2088
>             Project: Directory ApacheDS
>          Issue Type: Improvement
>            Reporter: lucas theisen
>         Attachments: oid_map.json, oid_map.pl
>
>
> This [discussion|http://mail-archives.apache.org/mod_mbox/directory-dev/201507.mbox/%3CBN1PR09MB019635837EB5B0C564A0E955CD820@BN1PR09MB0196.namprd09.prod.outlook.com%3E]
went over the topic.  Per the suggestion from [~akiran], this should be done with some new
attributes:
> {quote}
> what I would do is to add support for configuring one or more attributes in
> this interceptor
> something like, 'ads-hashAttibute' a multi valued attributes
> {quote}
> Per [~elecharny], a new {{objectClass}} should be created:
> {quote}
> The idea is to add some configuration in the HashInterceptor
> configuration. You can create a new ObjectClass for that and add some
> new AttributeType to store the OID to be hashed.
> {quote}
> And given that we will create a new {{objectClass}} with its own configuration attribute
for {{ads-hashAttribute}} it is also reasonable to add {{ads-hashAlgorithm}}.  With this,
_ALL_ of the individual classes could be implemented as one simple {{HashingInterceptor}}.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message