Dev/omar/design/serverPlugin
From Omar Wiki
Registry Plugin Feature
Original Motivation and Use Cases
Enable interception of registry protocol requests by a Java plugin to enable the following use cases:
- Allow an AdhocQueryRequest to be modified to add additional predicates to do role-based filtering
  - Fixes the problem where a request may currently match thousands of objects, but after access control checks only a few of the thousands would actually be returned to the client. This is a performance issue because the db has to return thousands of objects that are not needed.
- Allow a publish request to enforce access control checks that span multiple objects in the publish request.
  - Currently this is not possible because the omar and ebRR specs only support access control on a per-object basis.
Feature Design
Interface RegistryPlugin
- Implemented by all registry plugins
- Configured by RegistryAdmin as slots on the singleton Registry instance.
  - A separate multi-valued slot for each type of plugin
  - For each such slot, each slot value is the fully qualified class name of the plugin class
Interface RequestInterceptor
- Administrators could configure a Java class (or classes) as a plugin for request validation
- Each plugin would be specific to a specified Role (defined by the Subject Role scheme).
- Each plugin could modify the request as it sees fit or throw a RegistryException such as an AuthorizationException.
  - In the query scenario it could add additional predicates to the query to filter down to the tens of objects.
  - In the publish scenario it could do a single complex access control check spanning all objects in the entire request as well as objects in the registry.
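
The two scenarios above as an added Java sketch (not omar code and not the project's spi.RequestInterceptor): the record types, the `requiredRole` attribute, the owner map and the method names are all hypothetical stand-ins. The query path appends a bound role predicate, and the publish path runs one check across every object in the request plus the objects already stored.

```java
import java.util.*;

// Added sketch. Every type and name here is a hypothetical stand-in, not omar's spi or bindings.
public class InterceptorSketch {
    record RegObject(String id, String type, String source, String target) {}
    record Query(List<String> predicates, Map<String, Object> params) {}
    static class AuthorizationException extends Exception {
        AuthorizationException(String msg) { super(msg); }
    }

    // Query scenario: push the role filter into the query so the db returns only visible rows.
    static void narrowQuery(Query q, Set<String> callerRoles) {
        q.predicates().add("requiredRole IN (:callerRoles)"); // bound parameter, not concatenation
        q.params().put("callerRoles", List.copyOf(callerRoles));
    }

    // Publish scenario: one check spanning all objects in the request and in the registry.
    static void checkPublish(List<RegObject> request, Map<String, String> storedOwners,
                             String userId) throws AuthorizationException {
        Map<String, String> owners = new HashMap<>(storedOwners);
        for (RegObject o : request) {
            String existing = owners.get(o.id());
            if (existing != null && !existing.equals(userId))
                throw new AuthorizationException("not owner of " + o.id());
            owners.put(o.id(), userId); // new object, or one the caller already owns
        }
        for (RegObject o : request) {
            if (!"Association".equals(o.type())) continue;
            for (String ref : Arrays.asList(o.source(), o.target()))
                if (!userId.equals(owners.get(ref)))
                    throw new AuthorizationException(o.id() + " links to foreign object " + ref);
        }
    }

    public static void main(String[] args) {
        // Constructed sample data.
        Query q = new Query(new ArrayList<>(List.of("objectType = :type")),
                            new HashMap<String, Object>(Map.of("type", "Service")));
        narrowQuery(q, Set.of("ServiceAdmin"));
        System.out.println(String.join(" AND ", q.predicates()) + " " + q.params());

        List<RegObject> request = List.of(
            new RegObject("svc-alice", "Service", null, null),
            new RegObject("assoc-1", "Association", "svc-alice", "svc-bob"));
        try {
            checkPublish(request, Map.of("svc-bob", "urn:user:bob"), "urn:user:alice");
        } catch (AuthorizationException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The sample publish request is rejected because its Association targets an object stored under another owner, which a per-object check on the Association alone would not see.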
Server Modifications
- Define constants in BindingUtility for the special slot names for each type of plugin (used on the Registry singleton instance)
- Refactor code from AuthorizationServiceImpl to BindingUtility.getActionFromRequest(..) to convert a RegistryRequestType to a string defined by ebRIM as supported Actions.
- Refactor Action constants from AuthorizationServiceImpl to CanonicalConstants
- Modified spi.NotificationListener interface to no longer be JAXR based but instead use JAXB Bindings.
  - Makes spi.NotificationListener consistent with spi.RequestInterceptor
  - All plugins would now be based on server interfaces rather than JAXR
- Fixed PluginNotifier to send JAXB NotificationType instead of JAXR Notification to NotificationListener plugin
- Added new interface spi.RegistryPlugin
  - This interface defines standard methods for server to learn about the plugin
  - Avoids relying on messy RegistryObjects/Slots based configuration to get information about a plugin to server!
- Modified spi.RequestInterceptor to extend RegistryPlugin
- Added a new server.cache package
  - AbstractCache: base class for all Cache classes
  - ObjectCache: Caches individual objects (implemented but not tested extensively. Seems to work.)
  - RoleCache: Caches User/Roles mappings (implemented and tested even less than ObjectCache)
  - QueryCache: Caches common queries and their results (not implemented yet)
- Modified server.QueryManagerImpl to make use of ObjectCache
- Modified EventManager to notify caches of events directly. Decided not to use Subscription / Notification as it is more complex, unnecessary and inefficient.
- Added server/plugin package where the plugin framework classes are added
  - PluginManager: Manages all instances of a particular type of plugin and is responsible for invoking them
    - Currently has no methods.
  - AbstractPluginManager: Common base class for all PluginManagers.
    - Provides factory method for creating plugin instances
  - RequestInterceptorManager: Manager for RequestInterceptor plugins
- Some minor bug fixes to ServerRequestContext and to invoke RequestInterceptorManager at the right places.
Testing the Feature
- No unit tests created yet
- Have been using an uncommitted RequestInterceptor
- Using the Java UI, manually add the appropriate slot to the Registry singleton instance and then use the existing server.LifeCycleManagerImplTest in the debugger
  - slot name: urn:freebxml:registry:Registry:interceptors
  - slotType: urn:oasis:names:tc:ebxml-regrep:DataType:String
  - slotValue: ca.on.gov.mgs.gateway.policy.ServiceAdminPolicyPlugin (plugin specific class)
Design Issues
Diego, please comment on these. Thanks.
- TBD
