geode-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Patrick Rhomberg <prhomb...@pivotal.io>
Subject Re: Review Request 59692: GEODE-2925: add target for resource operation for finer grained security
Date Fri, 02 Jun 2017 20:45:58 GMT


> On June 1, 2017, 9:47 p.m., Patrick Rhomberg wrote:
> > geode-core/src/main/java/org/apache/geode/management/internal/security/ResourceOperation.java
> > Line 29 (original), 30 (patched)
> > <https://reviews.apache.org/r/59692/diff/4/?file=1738269#file1738269line33>
> >
> >     Is it possible to make this `@Repeatable`?  There are some operations that require
multiple security permissions, and it would be nice to be able to just annotate those functions
twice.
> >     
> >     For instance, `DistributedSystemMXBean.backupAllMembers` should have `DATA:READ`
and `CLUSTER:WRITE:DISK`.
> 
> Jinmei Liao wrote:
>     I tried to do this, but it's more involved than just adding the repeatable annoation
here. The user of these annotations will need to be updated to handle multiple values. Possibly
for future enhancement.

Here's a diff on my branch that I think does what we want.

https://github.com/PurelyApplied/geode/commit/e82688ffb08e4b4542d2f440cb62d46d2b7bcf3c

Am I missing a use case where `method.getAnnotation(ResourceOperation.class)` is going to
be used by some user's custom implementations?  Because otherwise we only need to change the
annotation processing in `CommandProcessor::executeCommand`, as far as I can tell.


- Patrick


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/59692/#review176684
-----------------------------------------------------------


On June 2, 2017, 4:08 p.m., Jinmei Liao wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/59692/
> -----------------------------------------------------------
> 
> (Updated June 2, 2017, 4:08 p.m.)
> 
> 
> Review request for geode, Emily Yeh, Jared Stewart, Ken Howe, Kirk Lund, and Patrick
Rhomberg.
> 
> 
> Repository: geode
> 
> 
> Description
> -------
> 
> GEODE-2925: add target for resource operation for finer grained security
> 
> 
> Diffs
> -----
> 
>   geode-core/src/main/java/org/apache/geode/examples/security/ExampleSecurityManager.java
84f97de56 
>   geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
f9fade1cf 
>   geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java 14784c391

>   geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/DiskStoreCommands.java
64fafda84 
>   geode-core/src/main/java/org/apache/geode/management/internal/cli/remote/CommandProcessor.java
c2c6e1425 
>   geode-core/src/main/java/org/apache/geode/management/internal/security/AccessControlMBean.java
6514a33e5 
>   geode-core/src/main/java/org/apache/geode/management/internal/security/MBeanServerWrapper.java
fe79efbed 
>   geode-core/src/main/java/org/apache/geode/management/internal/security/ResourceOperation.java
db3a1872a 
>   geode-core/src/main/java/org/apache/geode/security/ResourcePermission.java 45da46441

>   geode-core/src/test/java/org/apache/geode/management/internal/security/ResourcePermissionTest.java
b728b271e 
>   geode-core/src/test/java/org/apache/geode/management/internal/security/TestCommand.java
3f8f4d9d4 
>   geode-core/src/test/java/org/apache/geode/security/SimpleSecurityManagerTest.java 2d6fbcaeb

>   geode-core/src/test/java/org/apache/geode/security/TestSecurityManager.java 6080b5de8

>   geode-core/src/test/resources/org/apache/geode/codeAnalysis/excludedClasses.txt 9cff80d19

>   geode-web-api/src/main/java/org/apache/geode/rest/internal/web/security/RestSecurityService.java
80ff719b0 
> 
> 
> Diff: https://reviews.apache.org/r/59692/diff/6/
> 
> 
> Testing
> -------
> 
> precheckin runing
> 
> 
> Thanks,
> 
> Jinmei Liao
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message