You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@geode.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2019/09/23 19:13:00 UTC

[jira] [Commented] (GEODE-6985) Implement RestrictedMethodAuthorizer

    [ https://issues.apache.org/jira/browse/GEODE-6985?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16936129#comment-16936129 ] 

ASF subversion and git services commented on GEODE-6985:
--------------------------------------------------------

Commit 7e26822cd4f00b083672255ed30f201fd3318f31 in geode's branch refs/heads/develop from Juan José Ramos
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=7e26822 ]

GEODE-6985: Implement RestrictedMethodAuthorizer (#4077)

- Fixed minor warnings.
- Made the class final, immutable and thread safe.
- Added comprehensive javadocs to all public methods.
- Added several unit tests for the class and all public methods.
- Added methods 'isAllowedGeodeMethod' and 'isKnownDangerousMethod'.

> Implement RestrictedMethodAuthorizer
> ------------------------------------
>
>                 Key: GEODE-6985
>                 URL: https://issues.apache.org/jira/browse/GEODE-6985
>             Project: Geode
>          Issue Type: New Feature
>          Components: querying
>            Reporter: Juan José Ramos Cassella
>            Assignee: Juan José Ramos Cassella
>            Priority: Major
>              Labels: GeodeCommons
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> Implement the [RestrictedMethodAuthorizer|https://cwiki.apache.org/confluence/display/GEODE/OQL+Method+Invocation+Security#OQLMethodInvocationSecurity-RestrictedMethodAuthorizer] class.
> * Make sure the class is immutable and thread safe.
> * Add two new public methods to the implementation:
> ** {{isAllowedGeodeMethod}}: it should return {{true}} when the {{Method}} on the target {{Object}} is considered safe ({{Region.get}}, {{Region.entrySet}}, {{Region.keySet}}, {{Region.values}}, {{Region.getEntries}}, {{Region.getValues}}, {{Region.containsKey}}, {{Region.getKey}} and {{Region.getValue}}), and {{false}} otherwise.
>  ** {{isKnownDangerousMethod}}: it should return {{true}} when the {{Method}} on the target {{Object}} is known to be a non-safe method. Including but not limited to {{getClass}}, which allows the user to execute anything using reflection.
> * Implement unit tests for the class and all of its methods.
> * Add comprehensive  and clear documentation to the class and all its public methods so customers can use it without leaving their IDE.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)