geode-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jinmei Liao <jil...@pivotal.io>
Subject Re: Review Request 59692: GEODE-2925: add target for resource operation for finer grained security
Date Fri, 02 Jun 2017 21:02:27 GMT


> On June 1, 2017, 9:47 p.m., Patrick Rhomberg wrote:
> > geode-core/src/main/java/org/apache/geode/management/internal/security/ResourceOperation.java
> > Line 29 (original), 30 (patched)
> > <https://reviews.apache.org/r/59692/diff/4/?file=1738269#file1738269line33>
> >
> >     Is it possible to make this `@Repeatable`?  There are some operations that require
multiple security permissions, and it would be nice to be able to just annotate those functions
twice.
> >     
> >     For instance, `DistributedSystemMXBean.backupAllMembers` should have `DATA:READ`
and `CLUSTER:WRITE:DISK`.
> 
> Jinmei Liao wrote:
>     I tried to do this, but it's more involved than just adding the repeatable annoation
here. The user of these annotations will need to be updated to handle multiple values. Possibly
for future enhancement.
> 
> Patrick Rhomberg wrote:
>     Here's a diff on my branch that I think does what we want.
>     
>     https://github.com/PurelyApplied/geode/commit/e82688ffb08e4b4542d2f440cb62d46d2b7bcf3c
>     
>     Am I missing a use case where `method.getAnnotation(ResourceOperation.class)` is
going to be used by some user's custom implementations?  Because otherwise we only need to
change the annotation processing in `CommandProcessor::executeCommand`, as far as I can tell.

this works for annotations we added on commands. This annotation is also used on MXBeans,
e.g. MemberMXBean, the place where it's parsing that info is in MBeanServerWrapper.getOperationContext(),
that's where it's give us hickups.


- Jinmei


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/59692/#review176684
-----------------------------------------------------------


On June 2, 2017, 4:08 p.m., Jinmei Liao wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/59692/
> -----------------------------------------------------------
> 
> (Updated June 2, 2017, 4:08 p.m.)
> 
> 
> Review request for geode, Emily Yeh, Jared Stewart, Ken Howe, Kirk Lund, and Patrick
Rhomberg.
> 
> 
> Repository: geode
> 
> 
> Description
> -------
> 
> GEODE-2925: add target for resource operation for finer grained security
> 
> 
> Diffs
> -----
> 
>   geode-core/src/main/java/org/apache/geode/examples/security/ExampleSecurityManager.java
84f97de56 
>   geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
f9fade1cf 
>   geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java 14784c391

>   geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/DiskStoreCommands.java
64fafda84 
>   geode-core/src/main/java/org/apache/geode/management/internal/cli/remote/CommandProcessor.java
c2c6e1425 
>   geode-core/src/main/java/org/apache/geode/management/internal/security/AccessControlMBean.java
6514a33e5 
>   geode-core/src/main/java/org/apache/geode/management/internal/security/MBeanServerWrapper.java
fe79efbed 
>   geode-core/src/main/java/org/apache/geode/management/internal/security/ResourceOperation.java
db3a1872a 
>   geode-core/src/main/java/org/apache/geode/security/ResourcePermission.java 45da46441

>   geode-core/src/test/java/org/apache/geode/management/internal/security/ResourcePermissionTest.java
b728b271e 
>   geode-core/src/test/java/org/apache/geode/management/internal/security/TestCommand.java
3f8f4d9d4 
>   geode-core/src/test/java/org/apache/geode/security/SimpleSecurityManagerTest.java 2d6fbcaeb

>   geode-core/src/test/java/org/apache/geode/security/TestSecurityManager.java 6080b5de8

>   geode-core/src/test/resources/org/apache/geode/codeAnalysis/excludedClasses.txt 9cff80d19

>   geode-web-api/src/main/java/org/apache/geode/rest/internal/web/security/RestSecurityService.java
80ff719b0 
> 
> 
> Diff: https://reviews.apache.org/r/59692/diff/6/
> 
> 
> Testing
> -------
> 
> precheckin runing
> 
> 
> Thanks,
> 
> Jinmei Liao
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message