public interface MethodInvocationAuthorizer
Methodis allowed to be executed on a specific
Objectinstance. Implementations of this interface should provide a no-arg constructor.
There are mainly four security risks when allowing users to execute arbitrary methods in OQL, which should be addressed by implementations of this interface:
Java Reflection: do anything through
Cache Modification: execute
Cacheoperations (close, get regions, etc.).
Region Modification: execute
Regionoperations (destroy, invalidate, etc.).
Region Entry Modification: execute in-place modifications on the region entries.
Implementations of this interface should be thread-safe: multiple threads might be authorizing several method invocations using the same instance at the same time.
|Modifier and Type||Method and Description|
Executes the authorization logic to determine whether the
This method exists to allow user-specified method authorizers to be configured and used at runtime. If this method is not overridden in a user-specified authorizer then that authorizer will not be configurable.
methodis allowed to be executed on the
Implementation Note: the query engine will remember whether the method invocation has been already authorized or not for the current query context, so this method will be called once in the lifetime of a query for every new method seen while traversing the objects. Nevertheless, the implementation should be lighting fast as it will be called by the OQL engine in runtime during the query execution.