Indeed if you are just intended to back from a regex; then rephrase the
javadoc or make the method name more clear than "evaluate":
/**
* Provide implementation to evaluate location/URL/URI passed in string
form
*
* @param location the subject of evaluation
* @return true if the location is accepted, false otherwise
*/
boolean evaluate(String location);
"otherwise" above indicates the location would not be accepted.
To clarify intent:
/**
* Used to confirm location is allowed for use.
*
* URLChecker is used to confirm if a location is allowed for use,
returning {@true} when they recognize a location as permitted.
* Several URLChecker instances are expected to be available, as long
as one URLChecker can confirm a location it is permitted for use.
*
* @param location Location expressed as URL, URI or path.
* @return {@code true} indicates the URLChecker can confirm the
location is allowed for use, {@code false} indicates the URLChecker is
unable to confirm.
*/
boolean confirm(String location);
--
Jody Garnett
On Wed, Mar 22, 2023 at 10:07 AM Andrea Aime <
andrea.a...@geosolutionsgroup.com> wrote:
> Hi Jody,
> while the suggestion seems to clarify things, it seems to me it's making
> the implementation harder.
>
> With a regular expression based system, how do you distinguish BLOCK and
> NO_OPINION (imagine we'd have different implementations, one based on
> regexes for user configured sites, and another one for the well known
> schema sites, such as schemas.opengis.org and xml.org, or a dynamic one
> allowing a store to declare that the server it's talking to is safe).
>
> The idea here is that the URL is now allowed, unless explicitly approved.
> All that we're looking for is a "yes".
> The problem with the other state, is that it's really just "not yes",
> without any extra useful semantic attached to it.
>
> Having a state like "BLOCK" would imply the implementation is based on a
> black list instead (anything but not this one).
> Do you have a use case for it?
>
> Cheers
> Andrea
>
>
>
> On Wed, Mar 22, 2023 at 5:45 PM Jody Garnett <jody.garn...@gmail.com>
> wrote:
>
>> The URL checker has a yes/no response - but is written as a yes/don’t
>> care - since to access only one URL checker needs to say yes.
>>
>> To address feedback:
>> - Adjust javadoc, or
>> - Provide three states: ALLOW, BLOCK, NO_OPINION
>>
>> My preference is to return an Enum even if just two states are permitted
>> to prevent any confusion.
>>
>> On Wed, Mar 22, 2023 at 9:15 AM Andrea Aime <
>> andrea.a...@geosolutionsgroup.com> wrote:
>>
>>> HI all,
>>> this is a revival of the old GSIP-189, a bit modernized, with a smaller
>>> initial scope (that should help us get an implementation going safeguarding
>>> some remote access functionality sooner rather than later).
>>>
>>> Please review, discuss, vote:
>>> https://github.com/geoserver/geoserver/wiki/GSIP-218
>>>
>>> Best regards
>>> Andrea
>>>
>>>
>>> ==
>>> GeoServer Professional Services from the experts!
>>>
>>> Visit http://bit.ly/gs-services-us for more information.
>>> ==
>>>
>>> Ing. Andrea Aime
>>> @geowolf
>>> Technical Lead
>>>
>>> GeoSolutions Group
>>> phone: +39 0584 962313
>>>
>>> fax: +39 0584 1660272
>>>
>>> mob: +39 339 8844549
>>>
>>> https://www.geosolutionsgroup.com/
>>>
>>> http://twitter.com/geosolutions_it
>>>
>>> -------------------------------------------------------
>>>
>>> Con riferimento alla normativa sul trattamento dei dati personali (Reg.
>>> UE 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si
>>> precisa che ogni circostanza inerente alla presente email (il suo
>>> contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è
>>> riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il
>>> messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra
>>> operazione è illecita. Le sarei comunque grato se potesse darmene notizia.
>>>
>>> This email is intended only for the person or entity to which it is
>>> addressed and may contain information that is privileged, confidential or
>>> otherwise protected from disclosure. We remind that - as provided by
>>> European Regulation 2016/679 “GDPR” - copying, dissemination or use of this
>>> e-mail or the information herein by anyone other than the intended
>>> recipient is prohibited. If you have received this email by mistake, please
>>> notify us immediately by telephone or e-mail
>>> _______________________________________________
>>> GeoTools-Devel mailing list
>>> GeoTools-Devel@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/geotools-devel
>>>
>> --
>> --
>> Jody Garnett
>>
>
>
> --
>
> Regards,
>
> Andrea Aime
>
> ==
> GeoServer Professional Services from the experts!
>
> Visit http://bit.ly/gs-services-us for more information.
> ==
>
> Ing. Andrea Aime
> @geowolf
> Technical Lead
>
> GeoSolutions Group
> phone: +39 0584 962313
>
> fax: +39 0584 1660272
>
> mob: +39 339 8844549
>
> https://www.geosolutionsgroup.com/
>
> http://twitter.com/geosolutions_it
>
> -------------------------------------------------------
>
> Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE
> 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si
> precisa che ogni circostanza inerente alla presente email (il suo
> contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è
> riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il
> messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra
> operazione è illecita. Le sarei comunque grato se potesse darmene notizia.
>
> This email is intended only for the person or entity to which it is
> addressed and may contain information that is privileged, confidential or
> otherwise protected from disclosure. We remind that - as provided by
> European Regulation 2016/679 “GDPR” - copying, dissemination or use of this
> e-mail or the information herein by anyone other than the intended
> recipient is prohibited. If you have received this email by mistake, please
> notify us immediately by telephone or e-mail
>
_______________________________________________
GeoTools-Devel mailing list
GeoTools-Devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geotools-devel
