Posted to oak-issues@jackrabbit.apache.org by "angela (JIRA)" <ji...@apache.org> on 2019/05/08 12:19:00 UTC

[jira] [Comment Edited] (OAK-8155) CompositePermissionProvider: add possibility to abort evaluation

    [ https://issues.apache.org/jira/browse/OAK-8155?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16835541#comment-16835541 ] 

angela edited comment on OAK-8155 at 5/8/19 12:18 PM:
------------------------------------------------------

[~stillalex], improved patch that would only allow for abortion if the given {{AggregatedPermissionProvider}} supported the targeted permissions, essentially moving the test for abortion inside the {{doEvaluate}} blocks. The test patch reflects that by covering both cases:
a) the aborting provider supports the target permission -> doAbort is invoked and the subsequent providers are omitted from the evaluation,
b) the aborting provider returns NO_PERMISSION -> doAbort is never invoked and all providers take part in the evaluation.


was (Author: anchela):
[~stillalex], improved patch that would only allow for abortion if the given {{AggregatedPermissionProvider}} supported the targeted permissions, essentially moving the test for abortion inside the {{doEvaluate}} blocks. test patch reflects that by covering both cases: a) the aborting provider supports the target permission -> doAbort is invoked and the subsequent providers are omitted from the evaluation, b) the aborting provider returns NO_PERMISSION -> doAbort is never invoked and all providers take part in the evaluation.

> CompositePermissionProvider: add possibility to abort evaluation
> ----------------------------------------------------------------
>
>                 Key: OAK-8155
>                 URL: https://issues.apache.org/jira/browse/OAK-8155
>             Project: Jackrabbit Oak
>          Issue Type: New Feature
>          Components: security, security-spi
>            Reporter: angela
>            Assignee: angela
>            Priority: Major
>         Attachments: OAK-8155-2-test.patch, OAK-8155-2.patch, OAK-8155-test.patch, OAK-8155.patch
>
>
> When aggregating multiple authorization models we currently have the ability to choose between CompositionType.AND and CompositionType.OR for the evaluation of effective permissions. In other words, as soon as more than 1 PermissionProvider is present for the evaluation, the results of that evaluation are either combined in an AND or OR fashion.
> However, we currently lack the ability to stop or abort the evaluation if a given provider instance was 'sufficient' to determine if a given set of permissions is granted or denied.
> [~stillalex], let's discuss ideas and options on how we could achieve this.
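
Added example, not part of the original message and not code from the OAK-8155 patches: a simplified Java model of AND composition in which the abort test sits inside the evaluation branch, covering cases a) and b) from the comment. The `Provider` record, its fields, `evaluate()` and the permission constants are hypothetical names and do not reproduce Oak's API.

```java
import java.util.ArrayList;
import java.util.List;

// Simplified model, NOT Oak's API: Provider, its fields and evaluate() are hypothetical names.
public class CompositeAbortDemo {
    static final long NO_PERMISSION = 0, READ = 1, WRITE = 2;

    // supports: permission bits this provider handles; grants: its decision for them;
    // aborts: whether it ends the evaluation once it has been evaluated.
    record Provider(String name, long supports, boolean grants, boolean aborts) {
        long supportedPermissions(long requested) { return requested & supports; }
    }

    // AND composition: every provider that takes part must grant. 'consulted' records who took part.
    static boolean evaluate(List<Provider> providers, long requested, List<String> consulted) {
        boolean granted = false;
        for (Provider p : providers) {
            long supported = p.supportedPermissions(requested);
            if (supported == NO_PERMISSION) {
                continue; // provider is skipped, so its abort flag is never consulted
            }
            consulted.add(p.name());
            granted = p.grants();
            if (!granted) {
                return false; // AND: the first denial decides
            }
            if (p.aborts()) {
                break; // abort test sits inside the evaluation branch
            }
        }
        return granted;
    }

    public static void main(String[] args) {
        // Constructed sample: an aborting provider for READ, then a provider that denies READ and WRITE.
        List<Provider> providers = List.of(
                new Provider("aborting", READ, true, true),
                new Provider("restrictive", READ | WRITE, false, false));

        List<String> a = new ArrayList<>();
        // a) aborting provider supports READ: evaluation stops, restrictive provider is omitted
        System.out.println("READ  -> " + evaluate(providers, READ, a) + " consulted=" + a);

        List<String> b = new ArrayList<>();
        // b) aborting provider returns NO_PERMISSION for WRITE: no abort, restrictive provider decides
        System.out.println("WRITE -> " + evaluate(providers, WRITE, b) + " consulted=" + b);
    }
}
```

In this model the later provider's denial of READ is never reached in case a), so the position of an aborting provider in the aggregation order decides the outcome.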


