You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-issues@jackrabbit.apache.org by "angela (JIRA)" <ji...@apache.org> on 2019/05/08 12:19:00 UTC
[jira] [Comment Edited] (OAK-8155) CompositePermissionProvider: add
possibility to abort evaluation
[ https://issues.apache.org/jira/browse/OAK-8155?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16835541#comment-16835541 ]
angela edited comment on OAK-8155 at 5/8/19 12:18 PM:
------------------------------------------------------
[~stillalex], improved patch that would only allow for abortion if the given {{AggregatedPermissionProvider}} supported the targeted permissions, essentially moving the test for abortion inside the {{doEvaluate}} blocks. test patch reflects that by covering both cases:
a) the aborting provider supports the target permission -> doAbort is invoked and the subsequent providers are omitted from the evaluation,
b) the aborting provider returns NO_PERMISSION -> doAbort is never invoked and all providers take part in the evaluation.
was (Author: anchela):
[~stillalex], improved patch that would only allow for abortion if the given {{AggregatedPermissionProvider}} supported the targeted permissions, essentially moving the test for abortion inside the {{doEvaluate}} blocks. test patch reflects that by covering both cases: a) the aborting provider supports the target permission -> doAbort is invoked and the subsequent providers are omitted from the evaluation, b) the aborting provider returns NO_PERMISSION -> doAbort is never invoked and all providers take part in the evaluation.
> CompositePermissionProvider: add possibility to abort evaluation
> ----------------------------------------------------------------
>
> Key: OAK-8155
> URL: https://issues.apache.org/jira/browse/OAK-8155
> Project: Jackrabbit Oak
> Issue Type: New Feature
> Components: security, security-spi
> Reporter: angela
> Assignee: angela
> Priority: Major
> Attachments: OAK-8155-2-test.patch, OAK-8155-2.patch, OAK-8155-test.patch, OAK-8155.patch
>
>
> when aggregating multiple authorization models we currently have the ability to choose between CompositionType.AND and CompositionType.OR for the evaluation of effective permissions. In other words as soon as more than 1 PermissionProvider is present for the evaluation the results of that evaluation are either combined in an AND or OR fashion.
> however, we currently lack the ability to stop or abort the evaluation if a given provider instance was 'sufficient' to determine if a given set of permissions is granted or denied.
> [~stillalex], let's discuss ideas and options on how we could achieve this.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)