Skip to main content


Eclipse Community Forums

      Home
Home » Modeling » EMF » [CDO] ReadAccessHandler and CDORevisions(Best Practice to use them)
[CDO] ReadAccessHandler and CDORevisions [message #665142] Wed, 13 April 2011 08:50 Go to next message
Eclipse UserFriend
We would like to use CDO for a bigger distributed research database. So we need server-side security.
We therefore want to override i.a. the ReadAccessHandler.

1. The first problem is: How do we use it.
We will often have some "allowed" and some "notallowed" objects in the revisions-Array of the ReadAccessHandler.
If we always throw an exception the client will never get any data.(?)

2. Our workaround brings up a new problem:
We changed our model as follows:
Whenever you want to call a "protected" object you first have to call a corresponding ACL-Object. There you see if you are allowed to actually get the real data object. So we would avoid serverside exceptions at all.
BUT: We of course want also the serverside protection:
So we could check the revisions that pass the ReadAccessHandler if they are protected dataobjects.
And now (HERES THE PROBLEM) we need to get the corresponding ACL-Object (for this check)!
On CDO-Object-Basis this is no problem because there is a bidirectional Reference between ACL-Object and DataObject but in terms of CDORevisions I dont know how to evaluate the reference from DataObject to ACL-Object.
It seems to be possible to evalute Attributes. But trying to evaluate a reference gives me always null:
Like:
revision.data().get(reference_Ftr,0);

How to solve this dilmma?: If there would be a solution to 1 I dont need a solution for 2.
Or is there a better way to do a workaround?

Cheers,
Hagen
Re: [CDO] ReadAccessHandler and CDORevisions [message #665174 is a reply to message #665142] Wed, 13 April 2011 10:41 Go to previous message
Eclipse UserFriend
Hi Hagen,

Comments below...


Am 13.04.2011 14:50, schrieb Hagen:
> We would like to use CDO for a bigger distributed research database. So we need server-side security.
> We therefore want to override i.a. the ReadAccessHandler.
>
> 1. The first problem is: How do we use it.
> We will often have some "allowed" and some "notallowed" objects in the revisions-Array of the ReadAccessHandler.
> If we always throw an exception the client will never get any data.(?)
Just the other week Egidijus has made it possible to replace selected revisions from within the ReadAccessHandler:

340961: Enable ReadAccessHandlers to replace revisions
https://bugs.eclipse.org/bugs/show_bug.cgi?id=340961

He uses a custom RevisionFactory to add a security state field to all revisions and set its value from the ReadAccessHandler. An example is in org.eclipse.emf.cdo.tests.bugzilla.Bugzilla_340961_Test.

>
> 2. Our workaround brings up a new problem:
> We changed our model as follows:
> Whenever you want to call a "protected" object you first have to call a corresponding ACL-Object. There you see if you are allowed to actually get the real data object. So we would avoid serverside exceptions at all.
> BUT: We of course want also the serverside protection:
> So we could check the revisions that pass the ReadAccessHandler if they are protected dataobjects.
> And now (HERES THE PROBLEM) we need to get the corresponding ACL-Object (for this check)! On CDO-Object-Basis this is no problem because there is a bidirectional Reference between ACL-Object and DataObject but in terms of CDORevisions I dont know how to evaluate the reference from DataObject to ACL-Object.
> It seems to be possible to evalute Attributes. But trying to evaluate a reference gives me always null:
> Like:
> revision.data().get(reference_Ftr,0);
If the value is not supposed to be null you should receive a CDOID which can be used with the repository's revision manager to retrieve the target revision.

You'd probably be happier with a read access equivalent to org.eclipse.emf.cdo.spi.server.ObjectWriteAccessHandler, but unfortunately there's currently none. I could think about it if you submit an RFE.

Cheers
/Eike

----
http://www.esc-net.de
http://thegordian.blogspot.com
http://twitter.com/eikestepper



>
> How to solve this dilmma?: If there would be a solution to 1 I dont need a solution for 2.
> Or is there a better way to do a workaround?
>
> Cheers,
> Hagen
Previous Topic:[Teneo] CNF on LogFactory
Next Topic:General question about copyAll() method
Goto Forum:
  


Current Time: Wed Jul 02 07:45:58 EDT 2025

Powered by FUDForum. Page generated in 0.08341 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top

Sign up to our Newsletter

A fresh new issue delivered monthly