Yep, makes sense, proposal updated.
Cheers
Andrea
On Wed, Mar 22, 2023 at 6:31 PM Jody Garnett <jody.garn...@gmail.com> wrote:
> Indeed if you are just intended to back from a regex; then rephrase the
> javadoc or make the method name more clear than "evaluate":
>
> /**
> * Provide implementation to evaluate location/URL/URI passed in
> string form
> *
> * @param location the subject of evaluation
> * @return true if the location is accepted, false otherwise
> */
> boolean evaluate(String location);
>
> "otherwise" above indicates the location would not be accepted.
>
> To clarify intent:
>
> /**
> * Used to confirm location is allowed for use.
> *
> * URLChecker is used to confirm if a location is allowed for use,
> returning {@true} when they recognize a location as permitted.
> * Several URLChecker instances are expected to be available, as long
> as one URLChecker can confirm a location it is permitted for use.
> *
> * @param location Location expressed as URL, URI or path.
> * @return {@code true} indicates the URLChecker can confirm the
> location is allowed for use, {@code false} indicates the URLChecker is
> unable to confirm.
> */
> boolean confirm(String location);
>
> --
> Jody Garnett
>
>
> On Wed, Mar 22, 2023 at 10:07 AM Andrea Aime <
> andrea.a...@geosolutionsgroup.com> wrote:
>
>> Hi Jody,
>> while the suggestion seems to clarify things, it seems to me it's making
>> the implementation harder.
>>
>> With a regular expression based system, how do you distinguish BLOCK and
>> NO_OPINION (imagine we'd have different implementations, one based on
>> regexes for user configured sites, and another one for the well known
>> schema sites, such as schemas.opengis.org and xml.org, or a dynamic one
>> allowing a store to declare that the server it's talking to is safe).
>>
>> The idea here is that the URL is now allowed, unless explicitly approved.
>> All that we're looking for is a "yes".
>> The problem with the other state, is that it's really just "not yes",
>> without any extra useful semantic attached to it.
>>
>> Having a state like "BLOCK" would imply the implementation is based on a
>> black list instead (anything but not this one).
>> Do you have a use case for it?
>>
>> Cheers
>> Andrea
>>
>>
>>
>> On Wed, Mar 22, 2023 at 5:45 PM Jody Garnett <jody.garn...@gmail.com>
>> wrote:
>>
>>> The URL checker has a yes/no response - but is written as a yes/don’t
>>> care - since to access only one URL checker needs to say yes.
>>>
>>> To address feedback:
>>> - Adjust javadoc, or
>>> - Provide three states: ALLOW, BLOCK, NO_OPINION
>>>
>>> My preference is to return an Enum even if just two states are permitted
>>> to prevent any confusion.
>>>
>>> On Wed, Mar 22, 2023 at 9:15 AM Andrea Aime <
>>> andrea.a...@geosolutionsgroup.com> wrote:
>>>
>>>> HI all,
>>>> this is a revival of the old GSIP-189, a bit modernized, with a smaller
>>>> initial scope (that should help us get an implementation going safeguarding
>>>> some remote access functionality sooner rather than later).
>>>>
>>>> Please review, discuss, vote:
>>>> https://github.com/geoserver/geoserver/wiki/GSIP-218
>>>>
>>>> Best regards
>>>> Andrea
>>>>
>>>>
>>>> ==
>>>> GeoServer Professional Services from the experts!
>>>>
>>>> Visit http://bit.ly/gs-services-us for more information.
>>>> ==
>>>>
>>>> Ing. Andrea Aime
>>>> @geowolf
>>>> Technical Lead
>>>>
>>>> GeoSolutions Group
>>>> phone: +39 0584 962313
>>>>
>>>> fax: +39 0584 1660272
>>>>
>>>> mob: +39 339 8844549
>>>>
>>>> https://www.geosolutionsgroup.com/
>>>>
>>>> http://twitter.com/geosolutions_it
>>>>
>>>> -------------------------------------------------------
>>>>
>>>> Con riferimento alla normativa sul trattamento dei dati personali (Reg.
>>>> UE 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si
>>>> precisa che ogni circostanza inerente alla presente email (il suo
>>>> contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è
>>>> riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il
>>>> messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra
>>>> operazione è illecita. Le sarei comunque grato se potesse darmene notizia.
>>>>
>>>> This email is intended only for the person or entity to which it is
>>>> addressed and may contain information that is privileged, confidential or
>>>> otherwise protected from disclosure. We remind that - as provided by
>>>> European Regulation 2016/679 “GDPR” - copying, dissemination or use of this
>>>> e-mail or the information herein by anyone other than the intended
>>>> recipient is prohibited. If you have received this email by mistake, please
>>>> notify us immediately by telephone or e-mail
>>>> _______________________________________________
>>>> GeoTools-Devel mailing list
>>>> GeoTools-Devel@lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/geotools-devel
>>>>
>>> --
>>> --
>>> Jody Garnett
>>>
>>
>>
>> --
>>
>> Regards,
>>
>> Andrea Aime
>>
>> ==
>> GeoServer Professional Services from the experts!
>>
>> Visit http://bit.ly/gs-services-us for more information.
>> ==
>>
>> Ing. Andrea Aime
>> @geowolf
>> Technical Lead
>>
>> GeoSolutions Group
>> phone: +39 0584 962313
>>
>> fax: +39 0584 1660272
>>
>> mob: +39 339 8844549
>>
>> https://www.geosolutionsgroup.com/
>>
>> http://twitter.com/geosolutions_it
>>
>> -------------------------------------------------------
>>
>> Con riferimento alla normativa sul trattamento dei dati personali (Reg.
>> UE 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si
>> precisa che ogni circostanza inerente alla presente email (il suo
>> contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è
>> riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il
>> messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra
>> operazione è illecita. Le sarei comunque grato se potesse darmene notizia.
>>
>> This email is intended only for the person or entity to which it is
>> addressed and may contain information that is privileged, confidential or
>> otherwise protected from disclosure. We remind that - as provided by
>> European Regulation 2016/679 “GDPR” - copying, dissemination or use of this
>> e-mail or the information herein by anyone other than the intended
>> recipient is prohibited. If you have received this email by mistake, please
>> notify us immediately by telephone or e-mail
>>
>
--
Regards,
Andrea Aime
==
GeoServer Professional Services from the experts!
Visit http://bit.ly/gs-services-us for more information.
==
Ing. Andrea Aime
@geowolf
Technical Lead
GeoSolutions Group
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549
https://www.geosolutionsgroup.com/
http://twitter.com/geosolutions_it
-------------------------------------------------------
Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE
2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si
precisa che ogni circostanza inerente alla presente email (il suo
contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è
riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il
messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra
operazione è illecita. Le sarei comunque grato se potesse darmene notizia.
This email is intended only for the person or entity to which it is
addressed and may contain information that is privileged, confidential or
otherwise protected from disclosure. We remind that - as provided by
European Regulation 2016/679 “GDPR” - copying, dissemination or use of this
e-mail or the information herein by anyone other than the intended
recipient is prohibited. If you have received this email by mistake, please
notify us immediately by telephone or e-mail
_______________________________________________
GeoTools-Devel mailing list
GeoTools-Devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geotools-devel
