-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/42614/#review115697
-----------------------------------------------------------



src/main/java/org/apache/aurora/scheduler/http/api/security/AuthorizingParam.java
 (line 34)
<https://reviews.apache.org/r/42614/#comment176714>

    The limit of 2 seems arbitrary, and this reflects in the code.  Why not 
simply say that if there are multiple authorizing params, exactly one must be 
non-null?



src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptor.java
 (line 209)
<https://reviews.apache.org/r/42614/#comment176717>

    Consider removing the use of guava's `Invokable` and `Parameter` 
throughout.  They really only exist as an abstraction over methods and 
constructors, which we don't need here.  The change is self-explanatory 
starting with
    
    ```
    candidateMethod.getParameters()
    ```



src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptor.java
 (line 215)
<https://reviews.apache.org/r/42614/#comment176711>

    Not new, but consider dropping this check.  The lookup in 
`FIELD_GETTERS_BY_TYPE` is more direct.



src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptor.java
 (line 220)
<https://reviews.apache.org/r/42614/#comment176712>

    s/final //


- Bill Farner


On Jan. 21, 2016, 12:53 p.m., Maxim Khutornenko wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/42614/
> -----------------------------------------------------------
> 
> (Updated Jan. 21, 2016, 12:53 p.m.)
> 
> 
> Review request for Aurora and Bill Farner.
> 
> 
> Repository: aurora
> 
> 
> Description
> -------
> 
> We don't allow dual annotations for authorizing params in thrift. There are 
> cases, however, when it's needed. One example is AURORA-1583 where we would 
> need to support something like below before we cutoff `query` in the next 
> release:
> ```
>   Response killTasks(
>       @AuthorizingParam @Nullable TaskQuery query,
>       @Nullable Lock lock,
>       @AuthorizingParam @Nullable JobKey job,
>       int instances) throws TException;
> ```      
> 
> The new behavior allows at most 2 annotations but only one of the annotated 
> arguments must be non-null during interception.
> 
> Also, added missing test coverage.
> 
> 
> Diffs
> -----
> 
>   config/legacy_untested_classes.txt 6b71fd233af0d137332bc69249d16e433aa198c7 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/AuthorizingParam.java
>  11d7e465556020571ffeefcf05596e6251ba9d19 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptor.java
>  69056624064be4bbd4136afb4dd6e3eb33c5e0d2 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptorTest.java
>  16a3a3b84c2a06bc340575abb58f853a8f26920d 
> 
> Diff: https://reviews.apache.org/r/42614/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Maxim Khutornenko
> 
>

Reply via email to