dev@glassfish.java.net

Re: private administration commands

From: Roberto Chinnici <Roberto.Chinnici_at_Sun.COM>
Date: Fri, 03 Apr 2009 15:35:51 +0200

Jerome Dochez wrote:
> Hi All
>
> Hong asked me if we could add the ability to have private commands to
> v3. Private commands are remote commands that can be used by our tools
> like jsr88client, IDE tools, and GUI but users would not have access
> to using the normal CLI client. The point is not to protect or
> securely prevent commands to be executed by random users, it's simply
> about obfuscating them so users don't access them innocently as they
> won't be supported across releases. Please note that the current
> mechanism could be extended to secure invocations but I think it's an
> overkill at this point.
>
> I have just added the feature so to define a new private command you
> just need to annotate your AdminCommand implementation with
> @Visibility annotation and let the system do the rest.
>
> example :
>
> @Service(name="my-private-command")
> @Visibility(Private.class)
> public class MyPrivateCommand implements AdminCommand {
> ...
> }
>
> So far there are only two types of visibility defined in the system
>
> @Visibility(Public.class)
> @Visibility(Private.class)
>
> we could add more to bind commands to even stricter clients like for
> instance @Visbility(MySuperTool.class) but I don't think we will have
> to go that far. If you don't annotate your AdminCommand implementation
> it gets the default visibility of Public.
>

Is there any particular reason why you defined Visibility as:

public @interface Visibility {
    Class<? extends Privacy> value();
}

instead of

public @interface Visibility {
    VisibilityPolicy value() default PRIVATE;
}

where

public enum VisibilityPolicy {
    PRIVATE,
    PUBLIC
}

?

I understand using a Class is more extensible, but it seems to me that
the Visibility type (and VisibilityPolicy in my version) and the code
processing it will always evolve in sync, so there is not much benefit
to such extensibility. I would also argue that if one day you really do
@Visibility(MySuperTool) then you should use a different annotation.

On the other hand, by using an enumeration, you gain two things: the
user doesn't have to type .class and you can set a reasonable default
value (I picked PRIVATE).

--Roberto
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.