Task #117 (closed)
Opened 18 years ago
Closed 18 years ago
Push security filters into DB
Reported by: | jamoore | Owned by: | jamoore |
---|---|---|---|
Priority: | critical | Milestone: | 3.0-M3 |
Component: | Security | Version: | 3.0-M1 |
Keywords: | hibernate,story114 | Cc: | |
Resources: | n.a. | Referenced By: | n.a. |
References: | n.a. | Remaining Time: | n.a. |
Sprint: | n.a. |
Description
Currently, our filtering is done in the business logic (for all intents and purposes). It should be possible to push that down into the Hibernate-generated SQL queries. Filters are the name of the game.
The main concern is whether or not our queries begin to behave differently once this is put in place. Outer joins may not begin to behave as inner joins as was happening in Omero2.
Change History (12)
comment:1 Changed 18 years ago by jmoore
- Keywords story114 added
comment:2 Changed 18 years ago by jmoore
- Milestone set to cycle2
comment:3 Changed 18 years ago by jmoore
- Keywords iteration2 added
comment:4 Changed 18 years ago by jmoore
Read filters can only be applied to "Global" types with difficult because of the missing owner_id, group_id, and creation_id columns. See #230.
comment:5 Changed 18 years ago by jmoore
Won't be sufficient. Will also need catches in OmeroInterceptor onLoad.
See http://opensource.atlassian.com/projects/hibernate/browse/HHH-67
comment:6 Changed 18 years ago by jmoore
r789 has this working. There need to be extensive tests regarding joins (there are already some interesting issues regarding the one-to-one between Image and Pixels), but by and large, yes, we now filter directly in the DB.
The actual filter is defined in code (SecurityFilter) to make use of SecuritySystem methods (#225). The actual enabling of the this happens in EventHandler (already updated in r787). However, #232 will need to be addressed for this to be fully "safe".
Note: SaveEventSupport should have been in r788.
comment:7 Changed 18 years ago by jmoore
r793 patches the spring-hibernate3-2.0-rc1.jar (from 2.0-rc2 code) to fix a Hibernate configuration issue. This is written up as:
http://opensource.atlassian.com/projects/spring/browse/SPR-2305
comment:8 Changed 18 years ago by jmoore
comment:9 Changed 18 years ago by jmoore
r810 add the jars again. Something was fishy.
comment:10 Changed 18 years ago by jmoore
r823 addsd the SecurityFilter to all collections. This was missing before but very important.
comment:11 Changed 18 years ago by jmoore
- Keywords iteration2 removed
Unscheduling this umbrella ticket.
comment:12 Changed 18 years ago by jmoore
- Resolution set to duplicate
- Status changed from new to closed
Merging with #200.
Vital for read security.