9 Replies Latest reply on Feb 16, 2010 4:09 AM by jmesnil

    AddressControl semantics on addRole and deleteRole

    clebert.suconic

      What should be the semantic on addRole?

       

      I - Semantic on add:

       

      Say, you had a filter #, adding a role to Guest

       

      Then, the user calls addRole("Address1", new Role("producer", true, true, false, false.... false));

       

       

      As a result of this operation, we will have Gues and producer associated with Address1, while I would expect only producer being associated (as an user).

       

      This is because the AddressControl will always look for a match before creating the collections. Shouldn't this be using an exact match instead?

       

       

      II - Semantic on delete:

       

      Say you remove all the roles associated with an address. You will end up with an empty match what means nothing is authorized.

       

      I'm writing a test where I add roles on setup, and delete the roles on tearDown. I would expect deleting all the roles making it a clean record. (What means... removing the match).

        • 1. Re: AddressControl semantics on addRole and deleteRole
          jmesnil

          clebert.suconic@jboss.com wrote:

           

          What should be the semantic on addRole?

           

          I - Semantic on add:

           

          Say, you had a filter #, adding a role to Guest

           

          Then, the user calls addRole("Address1", new Role("producer", true, true, false, false.... false));

           

           

          As a result of this operation, we will have Gues and producer associated with Address1, while I would expect only producer being associated (as an user).

           

          This is because the AddressControl will always look for a match before creating the collections. Shouldn't this be using an exact match instead?

          I'm not sure. If you use an exact match, this also means that they will not inherit from the defaut match iirc.

          In your example, you'll ending up with having the producer role associated to the address but no longer the "guest" role.

           

          I think the issue is that the address is not the right level to deal with security settings. It should be done at an upper level so that

          we can specify what type of address (exact match, a filter) is mapped to which set of roles. Something like https://jira.jboss.org/jira/browse/HORNETQ-288 but for SecuritySettings.

           

          wdyt?

          • 2. Re: AddressControl semantics on addRole and deleteRole
            clebert.suconic

            I'm not sure. If you use an exact match, this also means that they will not inherit from the defaut match iirc.

            In your example, you'll ending up with having the producer role associated to the address but no longer the "guest" role.

             

            That's what I would expect. If I add roles to an address, I would do for every role I need.

             

            Also, I agree we need a higher level to manage address settings.

             

             

            Anyway, for now, I will keep inheriting the #. And I'm thinking about adding a new method on the control: resetSecuritySettings which will basically remove the match.

            • 3. Re: AddressControl semantics on addRole and deleteRole
              timfox

              I guess it's just me, but I can't work out what this thread is about. I stared at Clebert's mail for about 15 mins, but no luck.

               

              Can someone explain in more detail?

              • 4. Re: AddressControl semantics on addRole and deleteRole
                clebert.suconic

                I was talking to Jeff before I wrote this.. he knew what I was talking about.

                 

                 

                When you do

                 

                AddressControl controller = .... lookup theController for the Address TestQueue for example...

                controller.addRole("producer", true, true, true.....);

                 

                 

                The security setting for TestQueue will have two roles, which will include guest and producer.

                 

                Which is fine.. I was just clearing if this was the correct semantic.

                 

                 

                 

                if you use the same controller to remove all the existing roles.. you will end up with the match without any authorization. so, I had to create a new method to clear settings.

                 

                 

                That's all

                • 5. Re: AddressControl semantics on addRole and deleteRole
                  timfox

                  I still don't understand.. .what is this role "guest"? Where did it come from?

                   

                  The explanation is lacking info.

                  • 6. Re: AddressControl semantics on addRole and deleteRole
                    timfox

                    Jeff, it seems you understood this thread?

                     

                    Any chance you could give a summary so I can understand it?

                    • 7. Re: AddressControl semantics on addRole and deleteRole
                      jmesnil

                      The discussion is about adding/removing roles associated to addresses using the Management API.

                       

                      The current implementation is buggy: we retrieve the roles associated to an address by finding the closest match

                      and we modified the returned sets directly => e.g. adding a "producer" role to a "foo" address will modify the defaut

                      address settings if there is no address settings for "foo". (I find misleading to return Collections representing the

                      internal state of the settings, i'd be better to either return a copy or an unmodifiable version).

                       

                      In the same way, if you delete a role from a "foo" address with no exact address settings, this removes the role

                      from the closest match too which is wrong.

                       

                      Clebert's point is that this is incorrect (and useless). Adding/deleting roles to an address should be done

                      using security settings on the exact address name, not by getting the nearest match (eventually being the default settings).

                       

                      Does that make sense?

                      • 8. Re: AddressControl semantics on addRole and deleteRole
                        timfox
                        Thanks. That makes sense
                        • 9. Re: AddressControl semantics on addRole and deleteRole
                          jmesnil
                          SecuritySettings should be manageable via the management API: https://jira.jboss.org/jira/browse/HORNETQ-300