Details
-
New Feature
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
Description
The original authorization flow for the protobuf (in the ProtobufConnectionAuthorizingStateProcessor) would simply check whether the user had the permission statically defined in the operations context and then pass it to the handler if the check passed (doing the appropriate thread local modifications in the state processor call). With fine grained permissions, we now generally have to have the operator parse out the relevant fields to even determine the permission required. The batch operations are even worse in this regard as we'll potentially make many authorization requests and need to handle the failures individually, which forces us to include some level of nasty thread local management in the handler itself (making it very easy to introduce bugs if this isn't done correctly). We should reevaluate how we make the authorization calls and see if theres a more straightforward, less error-prone approach we can use. Bonus points if we can push this down into some intermediate object implementing the Region interface which can also be used by the old protocol and REST API.
Attachments
Issue Links
- is duplicated by
-
GEODE-4905 Extract a common superclass of Protobuf region operation handlers
- Closed
- links to