...
- The contract for the interface
MethodInvocationAuthorizer
won't include athrows
clause for theNotAuthorizedException
class, that exception was designed to indicate that the subject is not allowed to execute a particular operation, not to indicate that a problem has occurred and that the authorization can not be determined. Since Geode can't do anything to recover from such errors and doesn't have any insights about the actual implementation, a non checked exception should be thrown whenever there's an error while executing the authorization logic. - Authorizer Implementations won't have Based as part of the actual name since the word doesn't add anything useful to the class name.
- Class name for GeodeBasedMethodAuthorizer was changed to MethodUnrestrictedMethodAuthorizer.
- Method name isKnownDangerousMethod was changed to isPermanentlyForbiddenMethod.
- The IndexManager was modified to throw an exception and mark the index as invalid whenever the removal of an entry from an index fails. This was the behaviour used when adding mappings to an index, so the class was fixed to keep consistency between the different operations and to be able to mark existing indexes as invalid whenever a newly configured
MethodInvocationAuthorizer
doesn't allow the method invocations included within the index expression (see GEODE-7486 and GEODE-7351). - The CQ Engine was modified to always use the most up to date configured
MethodInvocationAuthorizer. W
henever theMethodInvocationAuthorizer
is changed in runtime, all running CQs are updated to use it in order to avoid security issues and previously cached results are invalidated/cleared as cached keys may not be valid anymore (see GEODE-7487, GEODE-7497 and GEODE-7351).