|
Re: [CDO] ReadAccessHandler and CDORevisions [message #665174 is a reply to message #665142] |
Wed, 13 April 2011 14:41 |
|
Hi Hagen,
Comments below...
Am 13.04.2011 14:50, schrieb Hagen:
> We would like to use CDO for a bigger distributed research database. So we need server-side security.
> We therefore want to override i.a. the ReadAccessHandler.
>
> 1. The first problem is: How do we use it.
> We will often have some "allowed" and some "notallowed" objects in the revisions-Array of the ReadAccessHandler.
> If we always throw an exception the client will never get any data.(?)
Just the other week Egidijus has made it possible to replace selected revisions from within the ReadAccessHandler:
340961: Enable ReadAccessHandlers to replace revisions
https://bugs.eclipse.org/bugs/show_bug.cgi?id=340961
He uses a custom RevisionFactory to add a security state field to all revisions and set its value from the ReadAccessHandler. An example is in org.eclipse.emf.cdo.tests.bugzilla.Bugzilla_340961_Test.
>
> 2. Our workaround brings up a new problem:
> We changed our model as follows:
> Whenever you want to call a "protected" object you first have to call a corresponding ACL-Object. There you see if you are allowed to actually get the real data object. So we would avoid serverside exceptions at all.
> BUT: We of course want also the serverside protection:
> So we could check the revisions that pass the ReadAccessHandler if they are protected dataobjects.
> And now (HERES THE PROBLEM) we need to get the corresponding ACL-Object (for this check)! On CDO-Object-Basis this is no problem because there is a bidirectional Reference between ACL-Object and DataObject but in terms of CDORevisions I dont know how to evaluate the reference from DataObject to ACL-Object.
> It seems to be possible to evalute Attributes. But trying to evaluate a reference gives me always null:
> Like:
> revision.data().get(reference_Ftr,0);
If the value is not supposed to be null you should receive a CDOID which can be used with the repository's revision manager to retrieve the target revision.
You'd probably be happier with a read access equivalent to org.eclipse.emf.cdo.spi.server.ObjectWriteAccessHandler, but unfortunately there's currently none. I could think about it if you submit an RFE.
Cheers
/Eike
----
http://www.esc-net.de
http://thegordian.blogspot.com
http://twitter.com/eikestepper
>
> How to solve this dilmma?: If there would be a solution to 1 I dont need a solution for 2.
> Or is there a better way to do a workaround?
>
> Cheers,
> Hagen
Cheers
/Eike
----
http://www.esc-net.de
http://thegordian.blogspot.com
http://twitter.com/eikestepper
|
|
|
Powered by
FUDForum. Page generated in 0.02786 seconds