[OWASP-ESAPI] Notes on Access Controller and AccessReferenceMap
me at alexsmolen.com
Wed Apr 29 00:42:49 EDT 2009
I was updating the .NET ESAPI and had a few notes on AccessController
and AccessReferenceMap in the Java implementation.
- I think the parameters to isAuthorized (Key and runtime parameter)
are pretty vague. What about subject, action, and resource, since this
is a pretty typical definition of access control in most contexts
(i.e. who does what to whom)?
- AccessControlRule should be in the reference, not in the interface.
Nothing else in the interface relies on it, and it makes assumptions
about how you want to implement access control, suggesting a level of
complexity that may be unnecessary.
- Overall, I think the DefaultAccessController implementation is
overkill. The typical access control calls (Is this user in the right
role to even be here? Does this user have access to this particular
account or file?) are pretty difficult to set up. Do others disagree?
- Why is there no way to get the list of indirect references? I could
see this being useful in a variety of contexts. I’d propose changing
Enumerator() to two methods, GetDirectReferences() and
- In AccessReferenceMapTest the testUpdate, you have a “test to make
sure old indirect reference is maintained after update”. However, this
indirect reference is null both times, since this test occurs after
you have removed. Are you sure this isn’t supposed to go before
removing the user?
- You might consider returning Collections rather than Iterators, which
are easier to iterate through with the for each loop, although this
would break 1.4 compatibility so probably not.
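
An added illustration of the last three points (not part of the original message and not ESAPI code): a minimal reference map in Java that exposes both reference lists as Collections and checks that an indirect reference survives update() while the entry is still present, before it is removed. The class name, getIndirectReferences(), the null-on-miss lookups and the account ids are assumptions made for this example.

```java
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.*;

// Hypothetical sketch for illustration; not ESAPI's AccessReferenceMap.
public class ReferenceMapSketch {
    private Map<Object, String> dtoi = new HashMap<>(); // direct -> indirect
    private Map<String, Object> itod = new HashMap<>(); // indirect -> direct
    private final SecureRandom rng = new SecureRandom();

    // Replace the direct references: survivors keep their indirect reference,
    // new ones get a fresh random value, everything else is dropped.
    public void update(Set<?> directs) {
        Map<Object, String> newDtoi = new HashMap<>();
        Map<String, Object> newItod = new HashMap<>();
        for (Object direct : directs) {
            String indirect = dtoi.get(direct);
            while (indirect == null) {
                String candidate = new BigInteger(128, rng).toString(16);
                if (!itod.containsKey(candidate) && !newItod.containsKey(candidate)) indirect = candidate;
            }
            newDtoi.put(direct, indirect);
            newItod.put(indirect, direct);
        }
        dtoi = newDtoi; itod = newItod;
    }

    public String getIndirectReference(Object direct) { return dtoi.get(direct); }
    public Object getDirectReference(String indirect) { return itod.get(indirect); }

    // Both lists as unmodifiable Collections, usable in a for-each loop.
    public Set<Object> getDirectReferences() { return Collections.unmodifiableSet(dtoi.keySet()); }
    public Set<String> getIndirectReferences() { return Collections.unmodifiableSet(itod.keySet()); }

    public static void main(String[] args) {
        Set<String> accounts = new HashSet<>(Arrays.asList("acct-1001", "acct-1002")); // constructed sample ids
        ReferenceMapSketch map = new ReferenceMapSketch();
        map.update(accounts);
        String before = map.getIndirectReference("acct-1001");
        accounts.add("acct-1003"); map.update(accounts);
        // Compare while acct-1001 is still mapped: the reference must be unchanged.
        if (!before.equals(map.getIndirectReference("acct-1001"))) throw new AssertionError("reference changed");

        accounts.remove("acct-1001"); map.update(accounts);
        // After removal both lookups are null, so an equality check here would prove nothing.
        if (map.getIndirectReference("acct-1001") != null) throw new AssertionError("stale mapping");
        System.out.println(map.getIndirectReferences());
    }
}
```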