----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/33411/ -----------------------------------------------------------
Review request for Aurora, Joshua Cohen and Bill Farner. Repository: aurora Description ------- Working on an implementation of a Shiro Realm to replace the old CapabilityValidator I realized we're missing some information with the new API. This patch allows a Realm implementation to optionally introspect a permission check for Aurora-specific information about exactly what's being attempted, while maintaining compatibility with Shiro realms that don't know anything about Aurora, such as the included IniRealm. To do this I've added a new SPI package, and documented backwards-compatibility considerations with it. The idea is that a third party can write an Aurora-aware Shiro Realm module against a stable ABI and gets one release to update it if we want to make changes to it. Diffs ----- config/findbugs/excludeFilter.xml 0bff71c33dff8c92fdf5e841c04ee1460c50937b src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java 0265e2a1e4cad3f569501521f1bf25d7caa9da44 src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingInterceptor.java 7a124cccad2e02e7c4f16c3c7fc8bd662bcb5360 src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptor.java fde6c84e297d35b3e10f12a95e12dfb7ab1b477f src/main/java/org/apache/aurora/scheduler/spi/Permissions.java PRE-CREATION src/main/java/org/apache/aurora/scheduler/spi/package-info.java PRE-CREATION src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingInterceptorTest.java 16f2da5207ce2a3f866fa3a51c02c11d1b58a439 src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptorTest.java 781cf5add1555187757a0254a96f201bc74a1e27 Diff: https://reviews.apache.org/r/33411/diff/ Testing ------- ./gradlew -Pq build Thanks, Kevin Sweeney