geode-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Juan José Ramos <jra...@pivotal.io>
Subject Re: [PROPOSAL]: Improve OQL Method Invocation Security
Date Fri, 05 Jul 2019 17:41:06 GMT
Hello Jake,

I've replied something similar *here [1]*.
Long story short, I haven't found anything that really applies to our use
case. The "most similar solution" is *Spring Method Security [2]*, which
basically implies annotating methods with explicit configuration about the
roles required to execute them. The same goes for *Shiro **Annotation-based
Authorization [3]*. The *AnnotationBasedMethodAuthorize**r [3]* approach
from the proposal is somewhat similar to this, but I've discarded it
because if forces the user to annotate classes with our own annotations,
basically forcing them to modify their domain model.
The proposal basically allows our users to use one of the default of the
box implementations and, if they don't like them for whatever reason, is
flexible enough so they can ultimately provide their own.
Hope this helps.
Cheers.

[1]:
https://markmail.org/message/ekons7ixtz4jtf7n#query:+page:1+mid:snxgpsqd3yuppmsc+state:results
[2]:
https://docs.spring.io/spring-security/site/docs/5.1.5.RELEASE/reference/html/jc.html#jc-method
[3]:
https://shiro.apache.org/authorization.html#Authorization-AnnotationbasedAuthorization
[4]:
https://cwiki.apache.org/confluence/display/GEODE/OQL+Method+Invocation+Security#OQLMethodInvocationSecurity-AnnotationBasedMethodAuthorizer

On Fri, Jul 5, 2019 at 1:46 PM Jacob Barrett <jbarrett@pivotal.io> wrote:

> So if we don’t want to use the Java built in SecurityManager to solve
> this, because we feel it's too big or too inflexible for our needs, have
> other projects implemented something we can borrow? We can’t be the first
> to need something like this if Java’s solution isn’t a good fit.
>
> Again I want to avoid inventing something new. What prior art is out there?
>
>
> > On Jul 4, 2019, at 1:29 PM, Juan José Ramos <jramos@pivotal.io> wrote:
> >
> > Hello all,
> >
> > If you haven't added my email to the spam folder already :-), then I'd
> like
> > to let you know that I've update again the *Proposal [1]* and
> incorporated
> > most of the feedback provided, along with some additional information and
> > context I missed on the previous versions, thanks all that brought
> concerns
> > and suggestions to the discussion. Please take some time to review it
> > thoroughly, adding comments and/or concerns *only on this email thread*,
> > all feedback is more than welcome.
> > If no major concerns arise before July 12th 2019, I'll go ahead and mark
> > move the proposal to *Development* on July 13th.
> > Best regards.
> >
> > [1]:
> >
> https://cwiki.apache.org/confluence/display/GEODE/OQL+Method+Invocation+Security
>
>

-- 
Juan José Ramos Cassella
Senior Technical Support Engineer
Email: jramos@pivotal.io
Office#: +353 21 4238611
Mobile#: +353 87 2074066
After Hours Contact#: +1 877 477 2269
Office Hours: Mon - Thu 08:30 - 17:00 GMT. Fri 08:30 - 16:00 GMT
How to upload artifacts:
https://support.pivotal.io/hc/en-us/articles/204369073
How to escalate a ticket:
https://support.pivotal.io/hc/en-us/articles/203809556

[image: support] <https://support.pivotal.io/> [image: twitter]
<https://twitter.com/pivotal> [image: linkedin]
<https://www.linkedin.com/company/3048967> [image: facebook]
<https://www.facebook.com/pivotalsoftware> [image: google plus]
<https://plus.google.com/+Pivotal> [image: youtube]
<https://www.youtube.com/playlist?list=PLAdzTan_eSPScpj2J50ErtzR9ANSzv3kl>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message