Warning: Can't synchronize with repository "(default)" (/home/git/ome.git does not appear to be a Git repository.). Look in the Trac log for more information.
Notice: In order to edit this ticket you need to be either: a Product Owner, The owner or the reporter of the ticket, or, in case of a Task not yet assigned, a team_member"

Task #117 (closed)

Opened 18 years ago

Closed 18 years ago

Push security filters into DB

Reported by: jamoore Owned by: jamoore
Priority: critical Milestone: 3.0-M3
Component: Security Version: 3.0-M1
Keywords: hibernate,story114 Cc:
Resources: n.a. Referenced By: n.a.
References: n.a. Remaining Time: n.a.
Sprint: n.a.

Description

Currently, our filtering is done in the business logic (for all intents and purposes). It should be possible to push that down into the Hibernate-generated SQL queries. Filters are the name of the game.

The main concern is whether or not our queries begin to behave differently once this is put in place. Outer joins may not begin to behave as inner joins as was happening in Omero2.

Change History (12)

comment:1 Changed 18 years ago by jmoore

  • Keywords story114 added

comment:2 Changed 18 years ago by jmoore

  • Milestone set to cycle2

comment:3 Changed 18 years ago by jmoore

  • Keywords iteration2 added

Vital for read security.

comment:4 Changed 18 years ago by jmoore

Read filters can only be applied to "Global" types with difficult because of the missing owner_id, group_id, and creation_id columns. See #230.

comment:5 Changed 18 years ago by jmoore

Won't be sufficient. Will also need catches in OmeroInterceptor onLoad.

See http://opensource.atlassian.com/projects/hibernate/browse/HHH-67

comment:6 Changed 18 years ago by jmoore

r789 has this working. There need to be extensive tests regarding joins (there are already some interesting issues regarding the one-to-one between Image and Pixels), but by and large, yes, we now filter directly in the DB.

The actual filter is defined in code (SecurityFilter) to make use of SecuritySystem methods (#225). The actual enabling of the this happens in EventHandler (already updated in r787). However, #232 will need to be addressed for this to be fully "safe".


Note: SaveEventSupport should have been in r788.

comment:7 Changed 18 years ago by jmoore

r793 patches the spring-hibernate3-2.0-rc1.jar (from 2.0-rc2 code) to fix a Hibernate configuration issue. This is written up as:

http://opensource.atlassian.com/projects/spring/browse/SPR-2305

comment:8 Changed 18 years ago by jmoore

r796 patches another spring jar (see #238) and adds mock_filters.hbm.xml to allow build to get past the Hibernate bug mentioned in SPR-2305

comment:9 Changed 18 years ago by jmoore

r810 add the jars again. Something was fishy.

comment:10 Changed 18 years ago by jmoore

r823 addsd the SecurityFilter to all collections. This was missing before but very important.

comment:11 Changed 18 years ago by jmoore

  • Keywords iteration2 removed

Unscheduling this umbrella ticket.

comment:12 Changed 18 years ago by jmoore

  • Resolution set to duplicate
  • Status changed from new to closed

Merging with #200.

Note: See TracTickets for help on using tickets. You may also have a look at Agilo extensions to the ticket.

1.3.13-PRO © 2008-2011 Agilo Software all rights reserved (this page was served in: 0.74320 sec.)

We're Hiring!