Hi Niels, the access info that GeoServer receives from GeoFence may come from more than one Rule. The Rule engine looks for all matching rules: constraints contained in Rules of LIMIT type will be merged so to restrict the constraints found in the ALLOW rule. Furthermore, if a user belongs to more than one role, the constraints will be merged so that the user will be granted all the privileges he should have according to each role. All this means that a change in a single Rule may reflect in changes in many items in the cache, that are quite difficult to track down. Also, note that the cache is used in both the embedded and the standalone geofence setup; any changes at that level should take care of not breaking any of the two setup. Another point to consider is about making sure this change will also work in a clustered environment.
Cheers, Emanuele Alle 13:46:54 di Friday 2 June 2017, Niels Charlier ha scritto: > Hello Nuno, > > Another change I have been asked to make in geofence, is that rules in > the cache would automatically invalidated when they are changed. I have > looked at the code, and I have an idea how to do it, and was wondering > if you agree with the approach: > > 1. write a RuleFilter.matches(Rule rule) method (I think currently rule > filters are only used to translate into queries, and there is no way to > match a filter with a single rule) > > 2. write a CachedRuleReader.invalidate(Rule rule) which loops through > the whole cache, and invalidates all rule filters that match the rule. > > 3. write a CachedRuleAdminServiceImpl, that delegates to the normal > RuleAdminServiceImpl but calls the above invalidate upon change of an > existing rule. > > > Kind Regards > > Niels > > > --------------------------------------------------------------------------- > --- Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Geoserver-devel mailing list > Geoserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-devel -- == GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information. == Ing. Emanuele Tajariol Technical Lead GeoSolutions S.A.S. Via di Montramito 3/A 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 380 2116282 http://www.geo-solutions.it http://twitter.com/geosolutions_it ------------------------------------------------------- ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
