> On June 1, 2017, 9:47 p.m., Patrick Rhomberg wrote:
> > geode-core/src/main/java/org/apache/geode/management/internal/security/ResourceOperation.java
> > Line 29 (original), 30 (patched)
> > <https://reviews.apache.org/r/59692/diff/4/?file=1738269#file1738269line33>
> >
> >     Is it possible to make this `@Repeatable`?  There are some operations 
> > that require multiple security permissions, and it would be nice to be able 
> > to just annotate those functions twice.
> >     
> >     For instance, `DistributedSystemMXBean.backupAllMembers` should have 
> > `DATA:READ` and `CLUSTER:WRITE:DISK`.
> 
> Jinmei Liao wrote:
>     I tried to do this, but it's more involved than just adding the 
> repeatable annoation here. The user of these annotations will need to be 
> updated to handle multiple values. Possibly for future enhancement.
> 
> Patrick Rhomberg wrote:
>     Here's a diff on my branch that I think does what we want.
>     
>     
> https://github.com/PurelyApplied/geode/commit/e82688ffb08e4b4542d2f440cb62d46d2b7bcf3c
>     
>     Am I missing a use case where 
> `method.getAnnotation(ResourceOperation.class)` is going to be used by some 
> user's custom implementations?  Because otherwise we only need to change the 
> annotation processing in `CommandProcessor::executeCommand`, as far as I can 
> tell.

this works for annotations we added on commands. This annotation is also used 
on MXBeans, e.g. MemberMXBean, the place where it's parsing that info is in 
MBeanServerWrapper.getOperationContext(), that's where it's give us hickups.


- Jinmei


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/59692/#review176684
-----------------------------------------------------------


On June 2, 2017, 4:08 p.m., Jinmei Liao wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/59692/
> -----------------------------------------------------------
> 
> (Updated June 2, 2017, 4:08 p.m.)
> 
> 
> Review request for geode, Emily Yeh, Jared Stewart, Ken Howe, Kirk Lund, and 
> Patrick Rhomberg.
> 
> 
> Repository: geode
> 
> 
> Description
> -------
> 
> GEODE-2925: add target for resource operation for finer grained security
> 
> 
> Diffs
> -----
> 
>   
> geode-core/src/main/java/org/apache/geode/examples/security/ExampleSecurityManager.java
>  84f97de56 
>   
> geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
>  f9fade1cf 
>   
> geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java
>  14784c391 
>   
> geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/DiskStoreCommands.java
>  64fafda84 
>   
> geode-core/src/main/java/org/apache/geode/management/internal/cli/remote/CommandProcessor.java
>  c2c6e1425 
>   
> geode-core/src/main/java/org/apache/geode/management/internal/security/AccessControlMBean.java
>  6514a33e5 
>   
> geode-core/src/main/java/org/apache/geode/management/internal/security/MBeanServerWrapper.java
>  fe79efbed 
>   
> geode-core/src/main/java/org/apache/geode/management/internal/security/ResourceOperation.java
>  db3a1872a 
>   geode-core/src/main/java/org/apache/geode/security/ResourcePermission.java 
> 45da46441 
>   
> geode-core/src/test/java/org/apache/geode/management/internal/security/ResourcePermissionTest.java
>  b728b271e 
>   
> geode-core/src/test/java/org/apache/geode/management/internal/security/TestCommand.java
>  3f8f4d9d4 
>   
> geode-core/src/test/java/org/apache/geode/security/SimpleSecurityManagerTest.java
>  2d6fbcaeb 
>   geode-core/src/test/java/org/apache/geode/security/TestSecurityManager.java 
> 6080b5de8 
>   
> geode-core/src/test/resources/org/apache/geode/codeAnalysis/excludedClasses.txt
>  9cff80d19 
>   
> geode-web-api/src/main/java/org/apache/geode/rest/internal/web/security/RestSecurityService.java
>  80ff719b0 
> 
> 
> Diff: https://reviews.apache.org/r/59692/diff/6/
> 
> 
> Testing
> -------
> 
> precheckin runing
> 
> 
> Thanks,
> 
> Jinmei Liao
> 
>

Reply via email to