[
https://issues.apache.org/jira/browse/GEODE-4819?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dan Smith resolved GEODE-4819.
------------------------------
Resolution: Fixed
Assignee: Dan Smith
Fix Version/s: 1.6.0
> Protobuf authorization state check needs to be refactored
> ---------------------------------------------------------
>
> Key: GEODE-4819
> URL: https://issues.apache.org/jira/browse/GEODE-4819
> Project: Geode
> Issue Type: New Feature
> Components: client/server
> Reporter: Brian Rowe
> Assignee: Dan Smith
> Priority: Major
> Labels: pull-request-available
> Fix For: 1.6.0
>
> Time Spent: 3h 10m
> Remaining Estimate: 0h
>
> The original authorization flow for the protobuf (in the
> ProtobufConnectionAuthorizingStateProcessor) would simply check whether the
> user had the permission statically defined in the operations context and then
> pass it to the handler if the check passed (doing the appropriate thread
> local modifications in the state processor call). With fine grained
> permissions, we now generally have to have the operator parse out the
> relevant fields to even determine the permission required. The batch
> operations are even worse in this regard as we'll potentially make many
> authorization requests and need to handle the failures individually, which
> forces us to include some level of nasty thread local management in the
> handler itself (making it very easy to introduce bugs if this isn't done
> correctly). We should reevaluate how we make the authorization calls and see
> if theres a more straightforward, less error-prone approach we can use.
> Bonus points if we can push this down into some intermediate object
> implementing the Region interface which can also be used by the old protocol
> and REST API.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
