ctubbsii commented on code in PR #96: URL: https://github.com/apache/accumulo-access/pull/96#discussion_r2669673124
########## core/src/main/java/org/apache/accumulo/access/AuthorizationValidator.java: ########## @@ -0,0 +1,109 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.accumulo.access; + +import java.util.function.BiPredicate; + +/** + * Implementations validate authorizations for Accumulo Access. Creating implementations that are + * stricter for a given domain can help avoid expressions that contain unexpected and unused + * authorizations. + * + * <p> + * When an authorization is quoted and/or escaped in access expression that is undone before is + * passed to this predicate. Conceptually it is like {@link AccumuloAccess#unquote(String)} is + * called prior to being passed to this predicate. If the authorization was quoted that information + * is passed along is it may be useful for optimizations. + * + * <p> + * A CharSequence is passed to this predicate for efficiency. It allows having a view into the + * larger expression at parse time without any memory allocations. It is not safe to keep a + * reference to the passed in char sequence as it is only stable while the predicate is called. If a + * reference needs to be kept for some side effect, then call {@code toString()} to allocate a copy. + * Avoiding calls to {@code toString()} will result in faster parsing. + * </p> + * + * @since 1.0.0 + */ +public interface AuthorizationValidator + extends BiPredicate<CharSequence,AuthorizationValidator.AuthorizationQuoting> { + + /** + * @since 1.0.0 + */ + enum AuthorizationQuoting { + /** + * Denotes that an authorization seen in a valid access expression was quoted. This may mean the + * expression has extra characters not seen in an unquoted authorization. + */ + QUOTED, + /** + * Denotes that an authorization seen in a valid access expression was unquoted. This means the + * expression only contains the characters allowed in an unquoted authorization. + */ + UNQUOTED Review Comment: In the case where the predicate is used to evaluate a newly constructed Authorizations, then each individual authorization string in that will never be quoted. So, the concept of quoted/unquoted doesn't make sense for that case. Further, if you assume unquoted, and always pass that enum for that case, then it prevents a user from making a more restricted Predicate that ensures all authorizations are quoted or that all of them are unquoted. A user may want such a restricted predicate, to normalize their AccessExpressions, because the quotes still affect the lexical ordering of the expressions for keys stored in Accumulo, or the efficiency of the evaluator cache (because there could be different cache entries for the equivalent access expressions that differ only by optional quotes). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
