portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ate Douma <...@douma.nu>
Subject Re: Odd critera and API types in Security
Date Wed, 04 Feb 2009 21:15:37 GMT
Ate Douma wrote:
> Hi Randy,
> 
> 
> Finally, concerning the first issue about the 'domainId' criteria usage 
> in JetspeedSecurityPersistenceManager revoke[All]Permission() methods: 
> yes, AFAICS that is needed in the case of a passed in 
> TransientJetspeedPrincipal or JetspeedPrincipal without an id.
> Now that we have domain separation of Principals within the database 
> (currently only used so far for SSO principals, but in the future we 
> want to expand this to a full multiple domain security feature 
> throughout Jetspeed), if you don't have a JetspeedPrincipal id (uniquely 
> identifying a principal *across* domains) adding the (currently only 
> used default) domainId as filter is required to prevent accidentally 
> revoking [All] permissions from more than one principal which just 
> happen to use the same name (and type).
As Randy just pointed out to me, the domainId usage in above methods *is* incorrect (not the
using it in the first place).
I just misunderstood the question :)

Thanks for pointing this one out Randy, I'll fix it right away.
Luckily JPA is better at validating queries upfront, in contrast to OJB (or our testcases
for that matter...)

Regards,

Ate

> 
> Regards,
> 
> Ate
> 
> Randy Watler wrote:
>> Ate/Dennis,
>>
>> I got a little confused with the interface/class names with 
>> PersistentJetspeedPermission... it is obviously fine for APIs since it 
>> is an interface! The similarly named PersistentJetspeedPrincipal is 
>> not an interface. I suppose I am wondering if we should try to make 
>> the naming consistent by introducing a PersistentJetspeedPrincipalImpl 
>> class and define PersistentJetspeedPrincipal as an interface or just 
>> use JetspeedPrincipal as the interface in place of 
>> PersistentJetspeedPrincipal in the APIs as I have done so far. Let me 
>> know!
>>
>> Randy
>>
>> Randy Watler wrote:
>>> Ate/Dennis,
>>>
>>> WRT #2, yes, the JetspeedPermissionStoreManager API also has many 
>>> direct references to PersistentJetspeedPermission which I am changing 
>>> to JetspeedPermission as well.
>>>
>>> Randy
>>>
>>> Randy Watler wrote:
>>>> Ate/Dennis,
>>>>
>>>> As you know, I am trolling through Security porting it over to JPA. 
>>>> I noticed a few minor things in the process that you might be 
>>>> interested in looking at:
>>>>
>>>> 1. In JetspeedSecurityPersistenceManager revoke[All]Permission() 
>>>> methods, the 'domainId' criteria appear to be incorrect. Should 
>>>> these really be criteria on 'principal.domainId'?
>>>>
>>>> 2. In the security API JetspeedPermissionAccessManager, there are 
>>>> two methods specified with concrete class argument types instead of 
>>>> API interfaces: getPermissions(PersistentJetspeedPrincipal 
>>>> principal) and getPrincipals(PersistentJetspeedPermission 
>>>> permission, ...). I have had to change these to JetspeedPrincipal 
>>>> and JetspeedPermission, respectively, so that I can implement a JPA 
>>>> version of the access manager. Please let me know if we need to 
>>>> implement 'persistence' capable interfaces or if this was just an 
>>>> oversight.
>>>>
>>>> Thanks,
>>>>
>>>> Randy
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
>>>> For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
>>>>
>>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
>>> For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
>>>
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
>> For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
>>
>>
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
> For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message