[jira] [Commented] (JENA-990) rename the UpdateDeniedException

Fri, 17 Jul 2015 12:41:02 -0700 

    [ 
https://issues.apache.org/jira/browse/JENA-990?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14631795#comment-14631795
 ] 

Andy Seaborne commented on JENA-990:
------------------------------------

(My previous comment crossed over the commits by a few minutes).

The commits put AddDeniedException/DeleteDeniedException under 
AccessDeniedException.  I don't see what could ever be just a 
OperationDeniedException in this design.

That is going to make use in Fuseki harder.  I would see AccessDeniedException 
as the root if was specifically security related exceptions.  Fuseki could 
(eventually) provide 401 and 403 responses for AccessDeniedException.  But if 
AddDeniedException and DeleteDeniedException extend AccessDeniedException, 
which might be used for read-only graphs.  You can argue that is a form of 
access control but I don't think all users will see "read-only" or 
"append-only" graphs as security issues. If 
OperationDeniedException is the base, those situation can be differentiated 
with a different HTTP response (e.g. 400 Bad Request).

In the email I wrote:
> How about "OperationDeniedException" as the root of all refusals, then
> AccessDeniedException used as the root of all permissions exceptions

>  rename the UpdateDeniedException
> ---------------------------------
>
>                 Key: JENA-990
>                 URL: https://issues.apache.org/jira/browse/JENA-990
>             Project: Apache Jena
>          Issue Type: Improvement
>          Components: Core
>    Affects Versions: Jena 3.0.0
>            Reporter: Claude Warren
>            Priority: Minor
>
> As noted in a discussion on the dev list between myself and Andy this update 
> is to rename the current UpdateDeniedException to AccessDeniedException and 
> extend it from a newly created OperationDeniedException.
> AddDeniedException and DeleteDeniedException will extend 
> AccessDeniedException.
> jena-permissions will extend AccessDeniedException to create:
> ReadDeniedException -- for read restrictions
> UpdateDeniedException -- for update restrictions (modifying triples that 
> already exists as opposed to adding new triples)
> This will allow Fuskei to properly respond to the case where jena-permissions 
> is in place and there are update restrictions in place.  Currently Fuseki 
> returns this as a 500 error.  Once we have a common permission denied 
> exception we can return either authentication required or access denied as 
> appropriate.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to