Warning: Can't synchronize with repository "(default)" (/home/git/ome.git does not appear to be a Git repository.). Look in the Trac log for more information.
Notice: In order to edit this ticket you need to be either: a Product Owner, The owner or the reporter of the ticket, or, in case of a Task not yet assigned, a team_member"

User Story #328 (new)

Opened 18 years ago

Last modified 14 years ago

Rework SecuritySystem — at Version 5

Reported by: jamoore Owned by: jamoore
Priority: critical Milestone: 3.0-M3
Component: Security Keywords: iteration5
Cc: Story Points: n.a.
Sprint: n.a. Importance: n.a.
Total Remaining Time: n.a. Estimated Remaining Time: n.a.

Description (last modified by jmoore)

The SecuritySystem can be substantially simplified and have a good deal of its logic hidden now that its API is stabilizing. It has accumulated too many responsibilities (like being the holder for thread context rather than event context). As well, #326 requires serializable, read-only event context state.

Work items:

  • Add ome.security.basic package (possibly ome.services.security.basic)
  • Move BasicSecuritySystem to *.basic
  • Move ThreadLocalEventContext to *.basic or have *.basic.CurrentDetails implement EventContext
  • Add all needed methods to EventContext
  • Make SimpleEventContext serializable
  • Add getEventContext to StatefulServiceInterface
  • Add EventContext.copy()
  • Add SecuritySystem.getEventContext()
  • Add SecuritySystem.getSecurityRoles() (Serializable)
  • Add IAdmin.getSecurityRoles()
  • Refactor some of EventHandler to SessionHandler
  • Add SecuritySystem.getInternal().getACLEventListener() and co. (remove allow* and throw* from API) or BasicSecuritySystem as FactoryBean
  • Remove attempted save from setCurrentDetails and instead pass in the readOnly status

Change History (5)

comment:1 Changed 18 years ago by jmoore

More work items:

  • Update utests.SecuritySystemTest (esp! managedDetails)
  • Possible SecuritySystemCallback interface (for event listeners, interceptor, ...)
    ( ? with methods that take this ? )
  • rename login to setLogin, setCurrentDetails to load (similar for logout,unload)

comment:2 Changed 18 years ago by jmoore

And cleanup items:

  • Remove OneTimeTokens (in line with privileged/tainted documentation)

comment:3 Changed 18 years ago by jmoore

Also possible to remove lockCandidates from SecuritySystem and instead have the events and the interceptor work together via EventSource.getInterceptor().

comment:4 Changed 18 years ago by jmoore

r939 begins this process.

  • Makes EventLog and EventDiff global (system) types (meta.ome.xml)
  • Removes Permissions and filters from global (system) types (mapping.vm)
  • Removes Permissions from data.vm and common/build.xml
  • Fixes null pointers (due to null details due to null permissions) where needed
  • Switched to StatelessSession for saving EventLogs (EventHandler)
  • Refactored (simpliciation and fixed EventLogs) CurrentDetails
  • Minor Locking fixes -- no locking system types (since no permissions)
  • Minor Details fixes -- nulls are always replaced
  • Minor TypesImpl fix -- for creating enumerations. (Needs work)

The access to the EventLogs via SecuritySystem will need to be removed with the final reworking.

comment:5 Changed 18 years ago by jmoore

  • Description modified (diff)
Note: See TracTickets for help on using tickets. You may also have a look at Agilo extensions to the ticket.

1.3.13-PRO © 2008-2011 Agilo Software all rights reserved (this page was served in: 0.67928 sec.)

© 2000-2014 University of Dundee & Open Microscopy Environment. Creative Commons Attribution 3.0 Unported License
OME source code is available under the GNU General public license or through commercial license from Glencoe Software

We're Hiring!