Details
-
Sub-task
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
-
None
Description
1. First, the GeodePermissionResolver [23] is necessary to configure Apache Shiro's provided (OOTB) Realms correctly. Otherwise, the security Permissions are not enforced properly (in a hierarchical fashion as advertised [24], i.e. in section "3. Introduction of ResourcePermission").
I used [25] the GeodePermissionResolver class to configure the Apache Shiro provided (OOTB) PropertiesRealm implementation [18].
Therefore, the GeodePermissionResolver class must NOT be internal. This is particularly important if the user is using Apache Shiro to the fullest extent to configure and secure Apache Geode.
Of course, I could have provided my own implementation of the Apache Shiro PermissionResolver interface [26] (especially given the simplicity of the GeodePermissionResolver implementation) but if that implementation every involves more logic behind the scenes, better to "reuse" then "reinvent" in this case.