geode-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ken Howe <kh...@pivotal.io>
Subject Re: Review Request 59692: GEODE-2925: add target for resource operation for finer grained security
Date Thu, 01 Jun 2017 17:49:57 GMT


> On June 1, 2017, 5:09 p.m., Jared Stewart wrote:
> > geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
> > Lines 228 (patched)
> > <https://reviews.apache.org/r/59692/diff/3/?file=1737978#file1737978line228>
> >
> >     I think it might be nice to have a variant of `authorize()` that takes a Resource/Operation/Target
rather than their String representations:
> >     
> >     ```
> >       public void authorize(Resource resource, Operation operation){} 
> >       public void authorize(Resource resource, Operation operation, Target target){}

> >     
> >     ```
> >     
> >     Then these methods would look like
> >     ```
> >     public void authorizeDiskManage() {
> >         authorize(Resource.CLUSTER, Operation.MANAGE, ResourcePermission.Target.DISK);
> >       }
> >     ```

Target can be a region name as well as the as a Target enum. Consequently, the ResourcePermission
constructors that the authorize methods call currently all expect target as a string.


- Ken


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/59692/#review176626
-----------------------------------------------------------


On June 1, 2017, 5:21 p.m., Jinmei Liao wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/59692/
> -----------------------------------------------------------
> 
> (Updated June 1, 2017, 5:21 p.m.)
> 
> 
> Review request for geode, Emily Yeh, Jared Stewart, Ken Howe, Kirk Lund, and Patrick
Rhomberg.
> 
> 
> Repository: geode
> 
> 
> Description
> -------
> 
> GEODE-2925: add target for resource operation for finer grained security
> 
> 
> Diffs
> -----
> 
>   geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
600d5462b1d18cfc702d400f6d91c1ac1fab3755 
>   geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java 14784c391212095413c0d577cfc65de7247080b5

>   geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/DiskStoreCommands.java
226cfaf45fa2a1720a92e8e7ac2c179653240e2d 
>   geode-core/src/main/java/org/apache/geode/management/internal/security/MBeanServerWrapper.java
fe79efbed0aa7ec9a3d27526df2f4a86794513c2 
>   geode-core/src/main/java/org/apache/geode/management/internal/security/ResourceOperation.java
db3a1872a87b558772902cf14580f3e14fca97b3 
>   geode-core/src/main/java/org/apache/geode/security/ResourcePermission.java 45da464419779773c9116d824fcf11774bafbd79

>   geode-core/src/test/java/org/apache/geode/management/internal/security/ResourcePermissionTest.java
b728b271efb876d471b35e002c5b110919f10fcc 
>   geode-core/src/test/java/org/apache/geode/management/internal/security/TestCommand.java
3f8f4d9d4ee0a8f9c3385cd66ee20655d126d34d 
>   geode-core/src/test/resources/org/apache/geode/codeAnalysis/excludedClasses.txt 9cff80d1982bd30f6ba5d8a61ab7307a69862fd4

> 
> 
> Diff: https://reviews.apache.org/r/59692/diff/4/
> 
> 
> Testing
> -------
> 
> precheckin runing
> 
> 
> Thanks,
> 
> Jinmei Liao
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message