geode-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jinmei Liao (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (GEODE-2055) Expose GeodePermissionResolver
Date Thu, 03 Nov 2016 17:36:58 GMT

     [ https://issues.apache.org/jira/browse/GEODE-2055?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Jinmei Liao updated GEODE-2055:
-------------------------------
    Description: 
1. First, the GeodePermissionResolver [23] is necessary to configure Apache Shiro's provided
(OOTB) Realms correctly.  Otherwise, the security Permissions are not enforced properly (in
a hierarchical fashion as advertised [24], i.e. in section "3. Introduction of ResourcePermission").

I used [25] the GeodePermissionResolver class to configure the Apache Shiro provided (OOTB)
PropertiesRealm implementation [18].

Therefore, the GeodePermissionResolver class must NOT be internal.  This is particularly important
if the user is using Apache Shiro to the fullest extent to configure and secure Apache Geode.

Of course, I could have provided my own implementation of the Apache Shiro PermissionResolver
interface [26] (especially given the simplicity of the GeodePermissionResolver implementation)
but if that implementation every involves more logic behind the scenes, better to "reuse"
then "reinvent" in this case.

> Expose GeodePermissionResolver
> ------------------------------
>
>                 Key: GEODE-2055
>                 URL: https://issues.apache.org/jira/browse/GEODE-2055
>             Project: Geode
>          Issue Type: Sub-task
>            Reporter: Jinmei Liao
>
> 1. First, the GeodePermissionResolver [23] is necessary to configure Apache Shiro's provided
(OOTB) Realms correctly.  Otherwise, the security Permissions are not enforced properly (in
a hierarchical fashion as advertised [24], i.e. in section "3. Introduction of ResourcePermission").
> I used [25] the GeodePermissionResolver class to configure the Apache Shiro provided
(OOTB) PropertiesRealm implementation [18].
> Therefore, the GeodePermissionResolver class must NOT be internal.  This is particularly
important if the user is using Apache Shiro to the fullest extent to configure and secure
Apache Geode.
> Of course, I could have provided my own implementation of the Apache Shiro PermissionResolver
interface [26] (especially given the simplicity of the GeodePermissionResolver implementation)
but if that implementation every involves more logic behind the scenes, better to "reuse"
then "reinvent" in this case.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message