geode-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Blum <>
Subject Re: OQL rewriting
Date Thu, 22 Jun 2017 22:11:05 GMT
We should also keep in mind this may not be possible when using an actual,
robust security framework like *Apache Shiro*, or *Shiro* may provide
different callbacks/mechanisms/extensions.

This should be taken into account in the "solution" since most sensible
users will use a well-known, proven security framework when securing their
Geode deployment.


On Thu, Jun 22, 2017 at 2:34 PM, Michael Stolz <> wrote:

> The old security framework had an authorizeOperation method that had enough
> information to be able to inspect and modify an OQL string before it would
> be executed. That whole framework is now deprecated, but I feel like it's a
> really powerful feature being able to modify OQL in such a way as to
> support adding some kind of security column to the where clause so you can
> implement row-level security on queries.
> My question is, are the new securityManager and the old AccessControl
> interface able to both be used together or are they mutually exclusive?
> --
> Mike Stolz
> Principal Engineer, GemFire Product Manager
> Mobile: +1-631-835-4771

john.blum10101 (skype)

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message