Posted to dev@jena.apache.org by "Andy Seaborne (JIRA)" <ji...@apache.org> on 2015/07/19 12:49:04 UTC

[jira] [Comment Edited] (JENA-990) rename the UpdateDeniedException

    [ https://issues.apache.org/jira/browse/JENA-990?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14632778#comment-14632778 ] 

Andy Seaborne edited comment on JENA-990 at 7/19/15 10:48 AM:
--------------------------------------------------------------

> Basically if the graph is read-only authentication will not solve the add denied exception – right?

Yes, a read-only graph is not (necessarily) a security issue. Hence:

I think the "AccessDeniedException" I suggested is what you call AuthenticationRequiredException.

I haven't seen a case of a situation which is OperationDeniedException but not AccessDeniedException and it seems there is redundancy:

OperationDeniedException > AddDeniedException
OperationDeniedException > DeleteDeniedException
OperationDeniedException > AuthenticationRequiredException

Should there be a PermissionsFailedException to go with AuthenticationRequiredException?  PermissionsFailedException means that authentication says no.

AuthenticationRequiredException => 403
PermissionsFailedException => 401

AddDeniedException => "Can't": not a security issue => 400


was (Author: andy.seaborne):
> Basically if the graph is read-only authentication will not solve the add denied exception – right?

Yes, a read-only graph is not a security issue. Hence:

OperationDeniedException > AddDeniedException
OperationDeniedException > DeleteDeniedException
OperationDeniedException > AuthenticationRequiredException

I haven't seen a case of a situation which is OperationDeniedException but not AccessDeniedException.  I think the "AccessDeniedException" I suggested is what you call AuthenticationRequiredException.

>  rename the UpdateDeniedException
> ---------------------------------
>
>                 Key: JENA-990
>                 URL: https://issues.apache.org/jira/browse/JENA-990
>             Project: Apache Jena
>          Issue Type: Improvement
>          Components: Core
>    Affects Versions: Jena 3.0.0
>            Reporter: Claude Warren
>            Assignee: Claude Warren
>            Priority: Minor
>
> As noted in a discussion on the dev list between myself and Andy this update is to rename the current UpdateDeniedException to AccessDeniedException and extend it from a newly created OperationDeniedException.
> AddDeniedException and DeleteDeniedException will extend AccessDeniedException.
> jena-permissions will extend AccessDeniedException to create:
> ReadDeniedException -- for read restrictions
> UpdateDeniedException -- for update restrictions (modifying triples that already exist as opposed to adding new triples)
> This will allow Fuseki to properly respond to the case where jena-permissions is in place and there are update restrictions in place.  Currently Fuseki returns this as a 500 error.  Once we have a common permission denied exception we can return either authentication required or access denied as appropriate.


