You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@geode.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2019/09/23 19:13:00 UTC
[jira] [Commented] (GEODE-6985) Implement
RestrictedMethodAuthorizer
[ https://issues.apache.org/jira/browse/GEODE-6985?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16936129#comment-16936129 ]
ASF subversion and git services commented on GEODE-6985:
--------------------------------------------------------
Commit 7e26822cd4f00b083672255ed30f201fd3318f31 in geode's branch refs/heads/develop from Juan José Ramos
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=7e26822 ]
GEODE-6985: Implement RestrictedMethodAuthorizer (#4077)
- Fixed minor warnings.
- Made the class final, immutable and thread safe.
- Added comprehensive javadocs to all public methods.
- Added several unit tests for the class and all public methods.
- Added methods 'isAllowedGeodeMethod' and 'isKnownDangerousMethod'.
> Implement RestrictedMethodAuthorizer
> ------------------------------------
>
> Key: GEODE-6985
> URL: https://issues.apache.org/jira/browse/GEODE-6985
> Project: Geode
> Issue Type: New Feature
> Components: querying
> Reporter: Juan José Ramos Cassella
> Assignee: Juan José Ramos Cassella
> Priority: Major
> Labels: GeodeCommons
> Time Spent: 40m
> Remaining Estimate: 0h
>
> Implement the [RestrictedMethodAuthorizer|https://cwiki.apache.org/confluence/display/GEODE/OQL+Method+Invocation+Security#OQLMethodInvocationSecurity-RestrictedMethodAuthorizer] class.
> * Make sure the class is immutable and thread safe.
> * Add two new public methods to the implementation:
> ** {{isAllowedGeodeMethod}}: it should return {{true}} when the {{Method}} on the target {{Object}} is considered safe ({{Region.get}}, {{Region.entrySet}}, {{Region.keySet}}, {{Region.values}}, {{Region.getEntries}}, {{Region.getValues}}, {{Region.containsKey}}, {{Region.getKey}} and {{Region.getValue}}), and {{false}} otherwise.
> ** {{isKnownDangerousMethod}}: it should return {{true}} when the {{Method}} on the target {{Object}} is known to be a non-safe method. Including but not limited to {{getClass}}, which allows the user to execute anything using reflection.
> * Implement unit tests for the class and all of its methods.
> * Add comprehensive and clear documentation to the class and all its public methods so customers can use it without leaving their IDE.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)