[jira] [Updated] (GEODE-2055) Expose GeodePermissionResolver

Thu, 03 Nov 2016 10:38:54 -0700 

     [ 
https://issues.apache.org/jira/browse/GEODE-2055?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jinmei Liao updated GEODE-2055:
-------------------------------
    Description: 
1. First, the GeodePermissionResolver [23] is necessary to configure Apache 
Shiro's provided (OOTB) Realms correctly.  Otherwise, the security Permissions 
are not enforced properly (in a hierarchical fashion as advertised [24], i.e. 
in section "3. Introduction of ResourcePermission").

I used [25] the GeodePermissionResolver class to configure the Apache Shiro 
provided (OOTB) PropertiesRealm implementation [18].

Therefore, the GeodePermissionResolver class must NOT be internal.  This is 
particularly important if the user is using Apache Shiro to the fullest extent 
to configure and secure Apache Geode.

Of course, I could have provided my own implementation of the Apache Shiro 
PermissionResolver interface [26] (especially given the simplicity of the 
GeodePermissionResolver implementation) but if that implementation every 
involves more logic behind the scenes, better to "reuse" then "reinvent" in 
this case.

> Expose GeodePermissionResolver
> ------------------------------
>
>                 Key: GEODE-2055
>                 URL: https://issues.apache.org/jira/browse/GEODE-2055
>             Project: Geode
>          Issue Type: Sub-task
>            Reporter: Jinmei Liao
>
> 1. First, the GeodePermissionResolver [23] is necessary to configure Apache 
> Shiro's provided (OOTB) Realms correctly.  Otherwise, the security 
> Permissions are not enforced properly (in a hierarchical fashion as 
> advertised [24], i.e. in section "3. Introduction of ResourcePermission").
> I used [25] the GeodePermissionResolver class to configure the Apache Shiro 
> provided (OOTB) PropertiesRealm implementation [18].
> Therefore, the GeodePermissionResolver class must NOT be internal.  This is 
> particularly important if the user is using Apache Shiro to the fullest 
> extent to configure and secure Apache Geode.
> Of course, I could have provided my own implementation of the Apache Shiro 
> PermissionResolver interface [26] (especially given the simplicity of the 
> GeodePermissionResolver implementation) but if that implementation every 
> involves more logic behind the scenes, better to "reuse" then "reinvent" in 
> this case.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to