Warning: Can't synchronize with repository "(default)" (/home/git/ome.git does not appear to be a Git repository.). Look in the Trac log for more information.
Notice: In order to edit this ticket you need to be either: a Product Owner, The owner or the reporter of the ticket, or, in case of a Task not yet assigned, a team_member"

User Story #328 (closed)

Opened 15 years ago

Closed 12 years ago

Rework SecuritySystem

Reported by: jamoore Owned by: jamoore
Priority: critical Milestone: Cleanup
Component: Security Keywords: cleanup
Cc: Story Points: n.a.
Sprint: n.a. Importance: n.a.
Total Remaining Time: n.a. Estimated Remaining Time: n.a.

Description (last modified by jmoore)

The SecuritySystem can be substantially simplified and have a good deal of its logic hidden now that its API is stabilizing. It has accumulated too many responsibilities (like being the holder for thread context rather than event context). As well, #326 requires serializable, read-only event context state.

Work items:

  • Add ome.security.basic package (possibly ome.services.security.basic) DONE
  • Move BasicSecuritySystem to *.basic DONE
  • Move ThreadLocalEventContext to *.basic or have *.basic.CurrentDetails implement EventContext DONE
  • Add all needed methods to EventContext DONE
  • Make SimpleEventContext serializable DONE
  • Add getEventContext to StatefulServiceInterface OPEN
  • Add EventContext.copy() DONE (copy ctor in SimpleEventCtx)
  • Add SecuritySystem.getEventContext() DONE
  • Add SecuritySystem.getSecurityRoles() (Serializable) DONE
  • Add IAdmin.getSecurityRoles() DONE
  • Refactor some of EventHandler to SessionHandler OPEN
  • Add SecuritySystem.getInternal().getACLEventListener() and co. (remove allow* and throw* from API) or BasicSecuritySystem as FactoryBean DONE (using package privates)
  • Remove attempted save from setCurrentDetails and instead pass in the readOnly status DONE

Change History (17)

comment:1 Changed 15 years ago by jmoore

More work items:

  • Update utests.SecuritySystemTest (esp! managedDetails)
  • Possible SecuritySystemCallback interface (for event listeners, interceptor, ...)
    ( ? with methods that take this ? )
  • rename login to setLogin, setCurrentDetails to load (similar for logout,unload)

comment:2 Changed 15 years ago by jmoore

And cleanup items:

  • Remove OneTimeTokens (in line with privileged/tainted documentation)

comment:3 Changed 15 years ago by jmoore

Also possible to remove lockCandidates from SecuritySystem and instead have the events and the interceptor work together via EventSource.getInterceptor().

comment:4 Changed 15 years ago by jmoore

r939 begins this process.

  • Makes EventLog and EventDiff global (system) types (meta.ome.xml)
  • Removes Permissions and filters from global (system) types (mapping.vm)
  • Removes Permissions from data.vm and common/build.xml
  • Fixes null pointers (due to null details due to null permissions) where needed
  • Switched to StatelessSession for saving EventLogs (EventHandler)
  • Refactored (simpliciation and fixed EventLogs) CurrentDetails
  • Minor Locking fixes -- no locking system types (since no permissions)
  • Minor Details fixes -- nulls are always replaced
  • Minor TypesImpl fix -- for creating enumerations. (Needs work)

The access to the EventLogs via SecuritySystem will need to be removed with the final reworking.

comment:5 Changed 15 years ago by jmoore

  • Description modified (diff)

comment:6 Changed 15 years ago by jmoore

  • Description modified (diff)

r951 Adds ome.system.Roles for defining the privileged accounts.

comment:7 Changed 15 years ago by jmoore

  • Description modified (diff)

r952 satisfies most of the reworking requirements. Most importantly, the SecuritySystem interface has now lost many of its methods (a good thing). In addition to the main description changes (marked "DONE"), also:

  • From comments:
    • removes OneTimeTokens
    • removes non-package access to EventLogs
  • Misc.
    • Removes spurious Event saves. (there were at least 3!)
    • Refactors to HibernateUtils (renamed from Reloader)
    • Moves the newly (r939) refactored CurrentDetails.data to BasicEventContext
    • CurrentDetails no longer static
    • Removed EventLogHolder (possibly HUGE memory leak)
    • Fixes all test compilation issues

Remaining are:

  • remove and rename a few last methods in SecuritySystem
  • possibly remove the new ACLVoter, moving logic to ACLEventListener
  • addition to StatefulServiceInterface
  • EventHandler/SessionHandler refactoring
  • handling setEventContext() rather than lookup for stateful services (#326)
  • the proper handling of EventContext copying
  • documentation

comment:8 Changed 15 years ago by jmoore

  • Description modified (diff)

r957 adds IAdmin.getEventContext by adding a copy constructor to SimpleEventContext. EventContext.copy is no longer needed.

comment:9 Changed 15 years ago by jmoore

r957 also fixes the spelling of isReadyOnly. Heh.

comment:10 Changed 15 years ago by jmoore

r958 removes ThreadLocalEventContext (fixes build)

comment:11 Changed 15 years ago by jmoore

  • Keywords iteration6 added; iteration5 removed

comment:12 Changed 15 years ago by jmoore

r992 removes and renames last of SecuritySystem interface methods

comment:13 Changed 15 years ago by jmoore

Pushing to milestone:3.0-M4 for the last few event context changes.

comment:14 Changed 15 years ago by jmoore

  • Milestone changed from 3.0-M3 to 3.0-M4

comment:15 Changed 15 years ago by jmoore

  • Keywords iteration6 removed

comment:16 Changed 15 years ago by jmoore

  • Keywords cleanup added
  • Milestone changed from 3.0-Beta2 to 3.0-RC1

comment:17 Changed 12 years ago by jmoore

  • Resolution set to fixed
  • Status changed from new to closed

This seems to be largely done (esp. w/ the work on #1434) and otherwise too vague.

Note: See TracTickets for help on using tickets. You may also have a look at Agilo extensions to the ticket.

1.3.13-PRO © 2008-2011 Agilo Software all rights reserved (this page was served in: 0.71375 sec.)

We're Hiring!