Posted to dev@jena.apache.org by "Andy Seaborne (JIRA)" <ji...@apache.org> on 2015/07/19 12:49:04 UTC
[jira] [Comment Edited] (JENA-990) rename the UpdateDeniedException
[ https://issues.apache.org/jira/browse/JENA-990?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14632778#comment-14632778 ]
Andy Seaborne edited comment on JENA-990 at 7/19/15 10:48 AM:
--------------------------------------------------------------
> Basically if the graph is read-only authentication will not solve the add denied exception – right?
Yes, a read-only graph is not (necessarily) a security issue. Hence:
I think the "AccessDeniedException" I suggested is what you call AuthenticationRequiredException.
I haven't seen a case of a situation which is OperationDeniedException but not AccessDeniedException and it seems there is redundancy:
OperationDeniedException > AddDeniedException
OperationDeniedException > DeleteDeniedException
OperationDeniedException > AuthenticationRequiredException
Should there be a PermissionsFailedException to go with AuthenticationRequiredException? PermissionsFailedException means that authentication says no.
AuthenticationRequiredException => 403
PermissionsFailedException => 401
AddDeniedException => "Can't": not a security issue => 400
was (Author: andy.seaborne):
> Basically if the graph is read-only authentication will not solve the add denied exception – right?
Yes, a read-only graph is not a security issue. Hence:
OperationDeniedException > AddDeniedException
OperationDeniedException > DeleteDeniedException
OperationDeniedException > AuthenticationRequiredException
I haven't seen a case of a situation which is OperationDeniedException but not AccessDeniedException. I think the "AccessDeniedException" I suggested is what you call AuthenticationRequiredException.
> rename the UpdateDeniedException
> ---------------------------------
>
> Key: JENA-990
> URL: https://issues.apache.org/jira/browse/JENA-990
> Project: Apache Jena
> Issue Type: Improvement
> Components: Core
> Affects Versions: Jena 3.0.0
> Reporter: Claude Warren
> Assignee: Claude Warren
> Priority: Minor
>
> As noted in a discussion on the dev list between myself and Andy this update is to rename the current UpdateDeniedException to AccessDeniedException and extend it from a newly created OperationDeniedException.
> AddDeniedException and DeleteDeniedException will extend AccessDeniedException.
> jena-permissions will extend AccessDeniedException to create:
> ReadDeniedException -- for read restrictions
> UpdateDeniedException -- for update restrictions (modifying triples that already exist as opposed to adding new triples)
> This will allow Fuseki to properly respond to the case where jena-permissions is in place and there are update restrictions in place. Currently Fuseki returns this as a 500 error. Once we have a common permission denied exception we can return either authentication required or access denied as appropriate.