An idea for being extra cautious on the secure feature collection / secure
feature collection implementations.
Implement the drop methods, as *private final* to catch out any code that may
be trying to subclass and duck the security check, and implement them with a
throws UnsupportedOperationException().
This would catch:
- code that is hitting via reflection
- code that is subclassing
--
Jody Garnett
On Sunday, 4 November 2012 at 7:06 AM, Justin Deoliveira wrote:
> Here it is. I pushed it up to the main repository in case you want to make
> changes Andrea.
>
> https://github.com/geoserver/geoserver/tree/fc_cleanup
>
> Indeed the part I was unsure about was the secure feature collection / secure
> feature source. I basically dropped all the unnecessary methods from
> SecureFeatureCollection as you mentioned. I also removed the wrapping in
> DefaultSecureDataFactory of the plain Iterator interface.
>
> -Justin
>
> On Sat, Nov 3, 2012 at 12:40 PM, Andrea Aime <andrea.a...@geo-solutions.it> wrote:
> > On Sat, Nov 3, 2012 at 7:27 PM, Justin Deoliveira <jdeol...@opengeo.org> wrote:
> > >> SecuredFeatureCollection wise I believe we can just drop all the extra
> > >> methods Jody removed from FeatureCollection,
> > >> don't think that GeoServer uses any of them but wanted to make sure
> > >> security could not be broken by accident if one module started using them
> > >
> > > Yeah, more or less that is what I did. There was a test case though that
> > > was calling the remove/add methods, so updated that. Will definitely
> > > want a review on that stuff.
> >
> > Sure will do. Since it was security I wanted to make sure I was shutting
> > down all possible ways to write when not allowed (well, past reflection
> > against private fields of course), but those methods and the tests were
> > just me being thorough as I believe there is nothing in GeoServer using them.
> >
> > I'll have a look at the branch as it's made available.
> >
> > Cheers
> > Andrea
> >
> > >>
> > >>
> > >> Cheers
> > >> Andrea
> > >>
> > >> --
> > >> ==
> > >> Our support, Your Success! Visit http://opensdi.geo-solutions.it for
> > >> more information.
> > >> ==
> > >>
> > >> Ing. Andrea Aime
> > >> @geowolf
> > >> Technical Lead
> > >>
> > >> GeoSolutions S.A.S.
> > >> Via Poggio alle Viti 1187
> > >> 55054 Massarosa (LU)
> > >> Italy
> > >> phone: +39 0584 962313
> > >> fax: +39 0584 1660272
> > >> mob: +39 339 8844549
> > >>
> > >> http://www.geo-solutions.it
> > >> http://twitter.com/geosolutions_it
> > >>
> > >> -------------------------------------------------------
> > >
> > >
> > >
> > >
> > > --
> > > Justin Deoliveira
> > > OpenGeo - http://opengeo.org
> > > Enterprise support for open source geospatial.
> > >
> >
>
_______________________________________________
GeoTools-Devel mailing list
GeoTools-Devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geotools-devel
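
A sketch of the guard-method idea from the first message in this thread, added here as an illustration and not taken from the GeoServer or GeoTools code base. `ReadOnlyFeatures`, its methods and the sample feature ids are hypothetical; the sketch shows one guard declared `public final` and one declared `private final` so the behaviour of each under subclassing and reflection can be compared.

```java
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Hypothetical stand-in for a read-only secured wrapper (not GeoServer's class).
class ReadOnlyFeatures {
    private final List<String> delegate;

    ReadOnlyFeatures(List<String> delegate) {
        this.delegate = delegate;
    }

    public final int size() {
        return delegate.size();
    }

    // public final: a subclass that tries to override this fails to compile,
    // and any caller that reaches it gets an exception instead of a write.
    public final boolean add(String feature) {
        throw new UnsupportedOperationException("add is not allowed on a secured collection");
    }

    // private final: invisible to subclasses and normal callers, reachable
    // only through reflection, where the guard still throws.
    private final boolean remove(Object feature) {
        throw new UnsupportedOperationException("remove is not allowed on a secured collection");
    }
}

public class SecuredWrapperDemo {
    public static void main(String[] args) throws Exception {
        // Constructed sample data.
        List<String> backing = new ArrayList<>(Arrays.asList("road.1", "road.2"));
        ReadOnlyFeatures secured = new ReadOnlyFeatures(backing);

        try {
            secured.add("road.3");
        } catch (UnsupportedOperationException e) {
            System.out.println("direct call blocked: " + e.getMessage());
        }

        // Reflective caller forcing access to the private guard.
        Method m = ReadOnlyFeatures.class.getDeclaredMethod("remove", Object.class);
        m.setAccessible(true);
        try {
            m.invoke(secured, "road.1");
        } catch (InvocationTargetException e) {
            System.out.println("reflective call blocked: " + e.getCause().getMessage());
        }
        System.out.println("features still present: " + secured.size());
    }
}
```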