> On March 23, 2015, 1:59 p.m., Bill Farner wrote:
> > config/pmd/custom.xml, line 61
> > <https://reviews.apache.org/r/32329/diff/3/?file=901950#file901950line61>
> >
> >     Please add a comment explaining the use case we're advocating with this.

Added.


> On March 23, 2015, 1:59 p.m., Bill Farner wrote:
> > src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java,
> >  line 134
> > <https://reviews.apache.org/r/32329/diff/3/?file=901953#file901953line134>
> >
> >     Seems like this value has meaning.  It might be worth extracting a 
> > constant and document how it ties in with other components/configuration.

Fixed.


> On March 23, 2015, 1:59 p.m., Bill Farner wrote:
> > src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthenticatingThriftInterceptor.java,
> >  line 33
> > <https://reviews.apache.org/r/32329/diff/3/?file=901955#file901955line33>
> >
> >     We don't do this in other interceptors.  Seems like this is trading a 
> > NullPointerException for an IllegalStateException.  I don't feel strongly, 
> > but i also wouldn't be upset if this code disappeared.

I think the IllegalStateException is easier to track down and it can catch 
other configuration errors, such as calling initialize twice. Happy to 
reconsider if others feel differently.


> On March 23, 2015, 1:59 p.m., Bill Farner wrote:
> > src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthenticatingThriftInterceptor.java,
> >  line 62
> > <https://reviews.apache.org/r/32329/diff/3/?file=901955#file901955line62>
> >
> >     remove newline

removed.


> On March 23, 2015, 1:59 p.m., Bill Farner wrote:
> > src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptor.java,
> >  line 164
> > <https://reviews.apache.org/r/32329/diff/3/?file=901956#file901956line164>
> >
> >     A doc would be helpful here.  At first glance, it's odd that one method 
> > can produce multiple 'candidate methods'.

doc added


> On March 23, 2015, 1:59 p.m., Bill Farner wrote:
> > src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptor.java,
> >  lines 206-210
> > <https://reviews.apache.org/r/32329/diff/3/?file=901956#file901956line206>
> >
> >     Added protection - filter and throw if there's != 1 annotated parameter.

Done.


> On March 23, 2015, 1:59 p.m., Bill Farner wrote:
> > src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptor.java,
> >  lines 221-223
> > <https://reviews.apache.org/r/32329/diff/3/?file=901956#file901956line221>
> >
> >     Skip the Optional dance and push the throw up to 
> > annotatedParameterIndex.

Done.


> On March 23, 2015, 1:59 p.m., Bill Farner wrote:
> > src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptor.java,
> >  line 236
> > <https://reviews.apache.org/r/32329/diff/3/?file=901956#file901956line236>
> >
> >     Maybe a better message is "No FieldGetter was supplied for x"

Done.


> On March 23, 2015, 1:59 p.m., Bill Farner wrote:
> > src/main/java/org/apache/aurora/scheduler/http/api/security/StructFieldGetter.java,
> >  line 30
> > <https://reviews.apache.org/r/32329/diff/3/?file=901958#file901958line30>
> >
> >     Consider s/Struct/Thrift/

Done.


> On March 23, 2015, 1:59 p.m., Bill Farner wrote:
> > src/main/java/org/apache/aurora/scheduler/http/api/security/StructGetter.java,
> >  line 26
> > <https://reviews.apache.org/r/32329/diff/3/?file=901959#file901959line26>
> >
> >     `Struct` doesn't seem like the right noun here.  Perhaps `Field`?

done.


> On March 23, 2015, 1:59 p.m., Bill Farner wrote:
> > src/main/java/org/apache/aurora/scheduler/http/api/security/StructGetter.java,
> >  line 27
> > <https://reviews.apache.org/r/32329/diff/3/?file=901959#file901959line27>
> >
> >     I don't see any areas where this is used as a `Function`.  If we're not 
> > getting anything from extending Function, i suggest you declare the method 
> > here and not extend.

It's used now - callers only need the narrow Function interface.


> On March 23, 2015, 1:59 p.m., Bill Farner wrote:
> > src/main/java/org/apache/aurora/scheduler/http/api/security/StructGetter.java,
> >  line 33
> > <https://reviews.apache.org/r/32329/diff/3/?file=901959#file901959line33>
> >
> >     Is the coupling to TBase necessary here?

It's not - removed.


> On March 23, 2015, 1:59 p.m., Bill Farner wrote:
> > src/main/java/org/apache/aurora/scheduler/http/api/security/StructGetter.java,
> >  line 55
> > <https://reviews.apache.org/r/32329/diff/3/?file=901959#file901959line55>
> >
> >     Ditto.

It's not - removed.


- Kevin


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/32329/#review77448
-----------------------------------------------------------


On March 27, 2015, 4:14 p.m., Kevin Sweeney wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/32329/
> -----------------------------------------------------------
> 
> (Updated March 27, 2015, 4:14 p.m.)
> 
> 
> Review request for Aurora, Joshua Cohen and Bill Farner.
> 
> 
> Bugs: AURORA-1187
>     https://issues.apache.org/jira/browse/AURORA-1187
> 
> 
> Repository: aurora
> 
> 
> Description
> -------
> 
> Apologies for the large diff, this wound up needing to input validation at 
> the AOP layer.
> 
> Probably the best place to start reading this diff is ApiSecurityIT to see 
> the feature this patch enables.
> 
> 
> Diffs
> -----
> 
>   config/pmd/custom.xml 521fd500146eb2e45f8e77c5c3c0cce330fedabb 
>   src/main/java/org/apache/aurora/scheduler/http/api/ApiBeta.java 
> 827e85b6cac8bd52359610bbc2002973a769705c 
>   src/main/java/org/apache/aurora/scheduler/http/api/ApiModule.java 
> 2408cd1f9af5f109a339f5c78134465cb117f7fc 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java
>  ec6a02c4086ee0d5a7529083030d978ea889f677 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/AuthorizingParam.java
>  808987939b2c4a850e488dc033b50b0178e95ba0 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/FieldGetter.java 
> PRE-CREATION 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/FieldGetters.java 
> PRE-CREATION 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthenticatingThriftInterceptor.java
>  PRE-CREATION 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptor.java
>  PRE-CREATION 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroThriftInterceptor.java
>  4e341e05c34b1be38f0040c26b671a0cc797a771 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ThriftFieldGetter.java
>  PRE-CREATION 
>   
> src/main/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterface.java
>  5588d1793d6713ee4581ac9f938d9a8689acb315 
>   src/main/java/org/apache/aurora/scheduler/thrift/aop/AopModule.java 
> bdd2185f3a7a94b39bcec3c73455e970d87f0c6a 
>   src/test/java/org/apache/aurora/scheduler/http/api/ApiBetaTest.java 
> cafd10f6b705568588c1b92644b482003242fe2e 
>   src/test/java/org/apache/aurora/scheduler/http/api/ApiIT.java 
> ed284f46ac8f01bd6d9e317f995f16d6e666a68d 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityIT.java
>  76cb691e6d7d4fada3a18fde73aceed7039bcaa4 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthenticatingThriftInterceptorTest.java
>  PRE-CREATION 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptorTest.java
>  PRE-CREATION 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroThriftInterceptorTest.java
>  d2ba2730c4509dc9a636fd32e9244b0d7fa2884f 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ThriftFieldGetterTest.java
>  PRE-CREATION 
>   src/test/java/org/apache/aurora/scheduler/thrift/ThriftIT.java 
> 1f24e7d47e1f777ffef19a73d01171fcacd31cdb 
>   src/test/java/org/apache/aurora/scheduler/thrift/aop/AopModuleTest.java 
> d20c9da3c4944ec8c50fe8d48b7e459ff1c7082b 
> 
> Diff: https://reviews.apache.org/r/32329/diff/
> 
> 
> Testing
> -------
> 
> ./gradlew -Pq build
> 
> 
> Thanks,
> 
> Kevin Sweeney
> 
>

Reply via email to