geode-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Juan José Ramos <jra...@pivotal.io>
Subject Re: [PROPOSAL]: Improve OQL Method Invocation Security
Date Thu, 11 Jul 2019 15:36:32 GMT
Hello all,

Friendly reminder regarding the deadline to rise concerns and/or objections
regarding the *OQL Method InvocationSecurity Proposal [1]*, I'll go ahead
and move it to *Development* on July 13th.
Best regards.

[1]:
https://cwiki.apache.org/confluence/display/GEODE/OQL+Method+Invocation+Security#OQLMethodInvocationSecurity-PriorArt


On Mon, Jul 8, 2019 at 3:29 PM Juan José Ramos <jramos@pivotal.io> wrote:

> Done [1]!.
> Please remember that, if no major concerns arise before Friday this week,
> I'll go ahead and move the proposal to *Development* on July 13th.
> Best regards.
>
> [1]:
> https://cwiki.apache.org/confluence/display/GEODE/OQL+Method+Invocation+Security#OQLMethodInvocationSecurity-PriorArt
>
> On Fri, Jul 5, 2019 at 3:48 PM Jacob Barrett <jbarrett@pivotal.io> wrote:
>
>> Can you please add a Prior Art section to your proposal discussing these
>> alternative solutions and why they are insufficient?
>>
>> Thanks,
>> Jake
>>
>>
>> > On Jul 5, 2019, at 10:41 AM, Juan José Ramos <jramos@pivotal.io> wrote:
>> >
>> > Hello Jake,
>> >
>> > I've replied something similar *here [1]*.
>> > Long story short, I haven't found anything that really applies to our
>> use
>> > case. The "most similar solution" is *Spring Method Security [2]*, which
>> > basically implies annotating methods with explicit configuration about
>> the
>> > roles required to execute them. The same goes for *Shiro
>> **Annotation-based
>> > Authorization [3]*. The *AnnotationBasedMethodAuthorize**r [3]* approach
>> > from the proposal is somewhat similar to this, but I've discarded it
>> > because if forces the user to annotate classes with our own annotations,
>> > basically forcing them to modify their domain model.
>> > The proposal basically allows our users to use one of the default of the
>> > box implementations and, if they don't like them for whatever reason, is
>> > flexible enough so they can ultimately provide their own.
>> > Hope this helps.
>> > Cheers.
>> >
>> > [1]:
>> >
>> https://markmail.org/message/ekons7ixtz4jtf7n#query:+page:1+mid:snxgpsqd3yuppmsc+state:results
>> > [2]:
>> >
>> https://docs.spring.io/spring-security/site/docs/5.1.5.RELEASE/reference/html/jc.html#jc-method
>> > [3]:
>> >
>> https://shiro.apache.org/authorization.html#Authorization-AnnotationbasedAuthorization
>> > [4]:
>> >
>> https://cwiki.apache.org/confluence/display/GEODE/OQL+Method+Invocation+Security#OQLMethodInvocationSecurity-AnnotationBasedMethodAuthorizer
>> >
>> > On Fri, Jul 5, 2019 at 1:46 PM Jacob Barrett <jbarrett@pivotal.io>
>> wrote:
>> >
>> >> So if we don’t want to use the Java built in SecurityManager to solve
>> >> this, because we feel it's too big or too inflexible for our needs,
>> have
>> >> other projects implemented something we can borrow? We can’t be the
>> first
>> >> to need something like this if Java’s solution isn’t a good fit.
>> >>
>> >> Again I want to avoid inventing something new. What prior art is out
>> there?
>> >>
>> >>
>> >>> On Jul 4, 2019, at 1:29 PM, Juan José Ramos <jramos@pivotal.io>
>> wrote:
>> >>>
>> >>> Hello all,
>> >>>
>> >>> If you haven't added my email to the spam folder already :-), then I'd
>> >> like
>> >>> to let you know that I've update again the *Proposal [1]* and
>> >> incorporated
>> >>> most of the feedback provided, along with some additional information
>> and
>> >>> context I missed on the previous versions, thanks all that brought
>> >> concerns
>> >>> and suggestions to the discussion. Please take some time to review it
>> >>> thoroughly, adding comments and/or concerns *only on this email
>> thread*,
>> >>> all feedback is more than welcome.
>> >>> If no major concerns arise before July 12th 2019, I'll go ahead and
>> mark
>> >>> move the proposal to *Development* on July 13th.
>> >>> Best regards.
>> >>>
>> >>> [1]:
>> >>>
>> >>
>> https://cwiki.apache.org/confluence/display/GEODE/OQL+Method+Invocation+Security
>> >>
>> >>
>> >
>> > --
>> > Juan José Ramos Cassella
>> > Senior Technical Support Engineer
>> > Email: jramos@pivotal.io
>> > Office#: +353 21 4238611
>> > Mobile#: +353 87 2074066
>> > After Hours Contact#: +1 877 477 2269
>> > Office Hours: Mon - Thu 08:30 - 17:00 GMT. Fri 08:30 - 16:00 GMT
>> > How to upload artifacts:
>> > https://support.pivotal.io/hc/en-us/articles/204369073
>> > How to escalate a ticket:
>> > https://support.pivotal.io/hc/en-us/articles/203809556
>> >
>> > [image: support] <https://support.pivotal.io/> [image: twitter]
>> > <https://twitter.com/pivotal> [image: linkedin]
>> > <https://www.linkedin.com/company/3048967> [image: facebook]
>> > <https://www.facebook.com/pivotalsoftware> [image: google plus]
>> > <https://plus.google.com/+Pivotal> [image: youtube]
>> > <
>> https://www.youtube.com/playlist?list=PLAdzTan_eSPScpj2J50ErtzR9ANSzv3kl>
>>
>>
>
> --
> Juan José Ramos Cassella
> Senior Technical Support Engineer
> Email: jramos@pivotal.io
> Office#: +353 21 4238611
> Mobile#: +353 87 2074066
> After Hours Contact#: +1 877 477 2269
> Office Hours: Mon - Thu 08:30 - 17:00 GMT. Fri 08:30 - 16:00 GMT
> How to upload artifacts:
> https://support.pivotal.io/hc/en-us/articles/204369073
> How to escalate a ticket:
> https://support.pivotal.io/hc/en-us/articles/203809556
>
> [image: support] <https://support.pivotal.io/> [image: twitter]
> <https://twitter.com/pivotal> [image: linkedin]
> <https://www.linkedin.com/company/3048967> [image: facebook]
> <https://www.facebook.com/pivotalsoftware> [image: google plus]
> <https://plus.google.com/+Pivotal> [image: youtube]
> <https://www.youtube.com/playlist?list=PLAdzTan_eSPScpj2J50ErtzR9ANSzv3kl>
>


-- 
Juan José Ramos Cassella
Senior Technical Support Engineer
Email: jramos@pivotal.io
Office#: +353 21 4238611
Mobile#: +353 87 2074066
After Hours Contact#: +1 877 477 2269
Office Hours: Mon - Thu 08:30 - 17:00 GMT. Fri 08:30 - 16:00 GMT
How to upload artifacts:
https://support.pivotal.io/hc/en-us/articles/204369073
How to escalate a ticket:
https://support.pivotal.io/hc/en-us/articles/203809556

[image: support] <https://support.pivotal.io/> [image: twitter]
<https://twitter.com/pivotal> [image: linkedin]
<https://www.linkedin.com/company/3048967> [image: facebook]
<https://www.facebook.com/pivotalsoftware> [image: google plus]
<https://plus.google.com/+Pivotal> [image: youtube]
<https://www.youtube.com/playlist?list=PLAdzTan_eSPScpj2J50ErtzR9ANSzv3kl>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message