Versions Compared

Old Version 12

changes.mady.by.user Juan Ramos

Saved on

compared with

New Version 13

changes.mady.by.user Juan Ramos

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Interface contract and errata section.

...

Authorizer \ ThreatReflectionCache AccessRegion AccessEntry Modification
RestrictedMethodAuthorizer(tick)(tick)(tick)(tick)
GeodeBasedMethodAuthorizer(tick)(tick)(tick)cross (x)(error)
RegexBasedMethodAuthorizer(tick)(tick)(tick)(error)
JavaBeanAccessorBasedMethodAuthorizer(tick)(tick)(tick)(error)

...

This interface is intended to be implemented by users that want a custom authorization mechanism, and by the out of the box implementations as well. The interface will have only one method and it should return a boolean indicating whether the specified method is allowed to be executed on the target object or not. For those situations on which the authorization can not be determined, the a non-checked NotAuthorizedException exception should be thrown.

The authorize method will be called for every traversed object as part of the query execution, so it's extremely important that the implementation is lighting fast.

...

  boolean authorize(Method method, Object target) throws NotAuthorizedException;

}


Implementations of this interface must be thread-safe as more than one thread might invoke the method at the same time.

...

  return restrictedAuthorizer.isAllowedGeodeMethod(method, target);

}

Advantages

  • Easy to use tinymce.emotions_dlg.add(plus).
  • No extra configuration needed tinymce.emotions_dlg.add(plus).
  • Implicit and Explicit methods can be executed on objects stored within the regions (plus).

...

The primary problem with these solutions is that they force the user to modify the domain model and, also, add extra unnecessary coupling. With this proposal, anyway, the user can ultimately use these frameworks by just providing their own authorizer implementation and check the annotation in order to allow/deny the method execution.

Errata

None so farThe contract for the interface MethodInvocationAuthorizer won't include a throws clause for the NotAuthorizedException class, that exception was designed to indicate that the subject is not allowed to execute a particular operation, not to indicate that a problem has occurred and that the authorization can not be determined. Since Geode can't do anything to recover from such errors and doesn't have any insights about the actual implementation, a non checked exception should be thrown whenever there's an error while executing the authorization logic.