[ 
https://issues.apache.org/jira/browse/JENA-990?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14632302#comment-14632302
 ] 

Claude Warren commented on JENA-990:
------------------------------------

Andy, I think the separation you are looking for is the distinction between 
when authentication may resolve an AccessDeniedException and when it will not.  
It took me a while to see the distinction you were presenting but I think that 
captures it.  Basically, if the graph is read-only, authentication will not solve 
the add denied exception -- right?  

Within the SecurityEvaluator implementation it is possible to make certain 
graphs read-only such that authentication will not change the state.  I hadn't 
thought about this before.  It seems to me that the only place where we know 
that authentication may change the AccessDeniedException is in the 
SecurityEvaluator.  I suggest that we add an AuthenticationRequiredException to 
be thrown when the system determines that authentication may change the state 
of what would otherwise be an AccessDeniedException.  I think that 
AuthenticationRequiredException should be a child of AccessDeniedException.

This should make it much easier for Fuseki to produce proper 400 series errors.

>  rename the UpdateDeniedException
> ---------------------------------
>
>                 Key: JENA-990
>                 URL: https://issues.apache.org/jira/browse/JENA-990
>             Project: Apache Jena
>          Issue Type: Improvement
>          Components: Core
>    Affects Versions: Jena 3.0.0
>            Reporter: Claude Warren
>            Assignee: Claude Warren
>            Priority: Minor
>
> As noted in a discussion on the dev list between myself and Andy this update 
> is to rename the current UpdateDeniedException to AccessDeniedException and 
> extend it from a newly created OperationDeniedException.
> AddDeniedException and DeleteDeniedException will extend 
> AccessDeniedException.
> jena-permissions will extend AccessDeniedException to create:
> ReadDeniedException -- for read restrictions
> UpdateDeniedException -- for update restrictions (modifying triples that 
> already exist as opposed to adding new triples)
> This will allow Fuseki to properly respond to the case where jena-permissions 
> is in place and there are update restrictions in place.  Currently Fuseki 
> returns this as a 500 error.  Once we have a common permission denied 
> exception we can return either authentication required or access denied as 
> appropriate.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
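
The hierarchy proposed in the comment above, sketched as an added example that is not part of the original message or of Jena's code. The nested classes are stand-ins named after the exceptions in the thread; `checkAdd`, `statusFor`, and the 204/401/403/500 mapping are assumptions made for illustration.

```java
public class DeniedStatusDemo {
    // Stand-ins for the exception hierarchy discussed in the thread (not Jena's classes).
    static class OperationDeniedException extends RuntimeException {
        OperationDeniedException(String msg) { super(msg); }
    }
    static class AccessDeniedException extends OperationDeniedException {
        AccessDeniedException(String msg) { super(msg); }
    }
    static class AddDeniedException extends AccessDeniedException {
        AddDeniedException(String msg) { super(msg); }
    }
    // Child of AccessDeniedException, as suggested: existing handlers that
    // catch AccessDeniedException keep working and still see a denial.
    static class AuthenticationRequiredException extends AccessDeniedException {
        AuthenticationRequiredException(String msg) { super(msg); }
    }

    // Hypothetical evaluator decision. Only this layer knows whether
    // authenticating could change the outcome.
    static void checkAdd(String principal, boolean graphReadOnly) {
        if (graphReadOnly) {
            // No credential changes this result, so it is a plain denial.
            throw new AddDeniedException("graph is read-only");
        }
        if (principal == null) {
            throw new AuthenticationRequiredException("add requires an authenticated user");
        }
        // Authenticated principal on a writable graph: permitted.
    }

    // Hypothetical server-side mapping. The subclass must be caught first,
    // otherwise every denial collapses into 403.
    static int statusFor(String principal, boolean graphReadOnly) {
        try {
            checkAdd(principal, graphReadOnly);
            return 204;
        } catch (AuthenticationRequiredException e) {
            return 401; // authenticating may resolve the denial
        } catch (AccessDeniedException e) {
            return 403; // authenticating will not help
        } catch (RuntimeException e) {
            return 500; // not a permission problem
        }
    }

    public static void main(String[] args) {
        System.out.println("anonymous, writable graph:  " + statusFor(null, false));
        System.out.println("anonymous, read-only graph: " + statusFor(null, true));
        System.out.println("alice, writable graph:      " + statusFor("alice", false));
    }
}
```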
