Comments (7)
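@FeDLviv, I realized that there is an option available to us today actually. You could, I think, provide a Store customization to add a `setContentACL` method to your Store interface(s). I don't know why I didn't think of this previously so I apologize. But, anyways, you should be able to do something like this:
```java
import java.lang.reflect.Method;
import java.util.Collections;
import java.util.Set;
import java.util.UUID;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.model.AccessControlList;
import org.aopalliance.intercept.MethodInvocation;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
// ContentStore, StoreExtension and StoreInvoker come from spring-content-commons.
// Each public type below goes in its own file.

public interface AccessControllable<T> {
    void setContentACL(T entity, AccessControlList acl);
}

@Configuration
public class StoreConfiguration {
    @Bean
    public AccessControllableImpl accessController(AmazonS3 s3) {
        return new AccessControllableImpl(s3);
    }
}

public class AccessControllableImpl implements AccessControllable<Object>, StoreExtension {
    private final AmazonS3 s3;

    public AccessControllableImpl(AmazonS3 s3) {
        this.s3 = s3;
    }

    @Override
    public void setContentACL(Object entity, AccessControlList acl) {
        // use entity and s3 client to set given ACL on content object
    }

    @Override
    public Set<Method> getMethods() {
        // Advertise the method this extension adds to the Store interface
        Class<?> clazz = AccessControllable.class;
        try {
            Method method = clazz.getMethod("setContentACL", Object.class, AccessControlList.class);
            return Collections.singleton(method);
        }
        catch (Exception e) {
            // ...
        }
        return Collections.emptySet();
    }

    @Override
    public Object invoke(MethodInvocation invocation, StoreInvoker invoker) {
        // setContentACL returns void, so there is nothing to hand back to the caller
        this.setContentACL(invocation.getArguments()[0], (AccessControlList) invocation.getArguments()[1]);
        return null;
    }
}

public interface YourStore extends ContentStore<YourEntity, UUID>, AccessControllable<YourEntity> {
}
```
Should allow you to call:
```java
store.setContentACL(entity, acl);
```
Apologies for the overly cumbersome way of adding an extension (the `getMethods` and `invoke` methods). This needs tidying up but it should work.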
from spring-content.
If there is a requirement for it then we can definitely look into this @FeDLviv. Are you thinking this could be another entity annotation?
from spring-content.
> Are you thinking this could be another entity annotation?

Even better if this were a field with a special enum, and the user should be able to set the access level before the file is saved.
from spring-content.
Sorry for the inactivity on this issue. I was thinking about this one a little more.
If you are associating content with Spring Data Entities (and that content is being stored in S3 clearly). I notice your example is `PublicRead` so is that content being actively accessed directly via another API (the S3 API I would presume?) in addition to the Spring Content API?
Or is this just about setting an appropriate ACL on the content so that if it happens to be accessed it can't be messed with?
Setting an initial ACL upon creation is fine (and easy) but presumably, you would expect the ACL to be changed appropriately on the S3 object if the ACL field on the Entity ever changed.
from spring-content.
> I notice your example is PublicRead so is that content being actively accessed directly via another API (the S3 API I would presume?) in addition to the Spring Content API?

This example is from my project, which does not use Spring Custom, only Spring Data and the AWS SDK for Java. The user chooses the access level (private or public URL for read) before the file is saved.

> you would expect the ACL to be changed appropriately on the S3 object if the ACL field on the Entity ever changed.

It would be nice to have this opportunity, but I would just need to set the access level before recording a file. Thereafter, ignore all attempts to change the value (for example, a base entity without a setter for this field, or the Column annotation with updatable = false).
from spring-content.
More thoughts.
- ACLs are complex objects. `PublicRead` is really just a grant to the `AllUsers` Grantee. Other use cases may require permissions to be set on more than one Grantee. It is not clear to me how we would represent this on an Entity. Separate annotated fields perhaps? These would have to be serializable by Spring Data.
- I feel that only setting ACL upon creation would be of limited use to others.

As already discussed, if we add ACL logic to the S3 store's `setContent` implementation (for example) then when the entity's ACL field(s) are updated there is nothing to call the `setContent` in order to update the content object's ACL. This would only work for new Entities.
I also considered whether, or not, it would be possible to orchestrate this from a Spring Data REST event handler but then realized you have the opposite problem in that, for new entities, the content object wouldn't yet exist and therefore nothing to set the ACL on yet!
So, neither approach will work. One only handles new objects and the other only handles existing objects.
So I am now considering if we should have a specialization of `ContentStore`, `S3ContentStore`, with ACL management methods like `setContentACL(S entity)` and `getContentACL`. Potentially, we could also layer Spring Content REST extensions on top of this that add a request mapping for an ACL resource. So, for example `/myentity/12345/acl` would address the ACL for the content associated with entity 12345.
Thoughts?
Flipping things completely on their head. I am also wondering whether you would need any of this at all IF you adopted Spring Content REST in addition to Spring Content S3. If you adopted Spring Content REST then access to the S3 objects would be via the Spring Content REST endpoints, not the S3 endpoints (you could enforce this by denying all access except for the access key used by your application). You could then secure the endpoints for your exported Content Stores using typical spring security approaches as shown in this Spring Data REST example.
Curious if this would work for you, or not. And if not, why.
from spring-content.
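Added example (not part of the thread and not spring-content code): the point above that `PublicRead` is just a grant to the `AllUsers` Grantee, written out with the AWS SDK for Java v1, plus a check that refuses to apply an ACL containing group grants unless the caller opts in. The class name, the `allowPublic` flag and the way bucket and key are passed in are assumptions; how an entity maps to an S3 bucket and key is left to the store.

```java
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.model.AccessControlList;
import com.amazonaws.services.s3.model.CanonicalGrantee;
import com.amazonaws.services.s3.model.Grant;
import com.amazonaws.services.s3.model.GroupGrantee;
import com.amazonaws.services.s3.model.Owner;
import com.amazonaws.services.s3.model.Permission;
import java.util.ArrayList;
import java.util.List;

public class ContentAclExample { // hypothetical class name

    /** Explicit form of the canned PublicRead ACL: owner FULL_CONTROL plus AllUsers READ. */
    static AccessControlList publicRead(Owner owner) {
        AccessControlList acl = new AccessControlList();
        acl.setOwner(owner);
        acl.grantPermission(new CanonicalGrantee(owner.getId()), Permission.FullControl);
        acl.grantPermission(GroupGrantee.AllUsers, Permission.Read);
        return acl;
    }

    /** Lists grants made to the AllUsers (anonymous) or AuthenticatedUsers (any AWS account) group. */
    static List<String> groupGrants(AccessControlList acl) {
        List<String> findings = new ArrayList<>();
        for (Grant grant : acl.getGrantsAsList()) {
            if (grant.getGrantee() == GroupGrantee.AllUsers
                    || grant.getGrantee() == GroupGrantee.AuthenticatedUsers) {
                findings.add(grant.getGrantee() + " -> " + grant.getPermission());
            }
        }
        return findings;
    }

    /** Applies the ACL to the object; group grants are rejected unless allowPublic is set. */
    static void setContentAcl(AmazonS3 s3, String bucket, String key,
                              AccessControlList acl, boolean allowPublic) {
        List<String> findings = groupGrants(acl);
        if (!findings.isEmpty() && !allowPublic) {
            throw new IllegalArgumentException("ACL exposes " + key + ": " + findings);
        }
        s3.setObjectAcl(bucket, key, acl);
    }

    public static void main(String[] args) {
        // Constructed sample owner; runs offline because no S3 call is made here.
        Owner owner = new Owner("constructed-canonical-id", "app-owner");
        System.out.println(groupGrants(publicRead(owner)));
    }
}
```

The same `groupGrants` check can be run against the result of `s3.getObjectAcl(bucket, key)` to audit content objects that already exist.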
Many thanks, it's a great option.
from spring-content.