willmurnane opened a new issue, #103: URL: https://github.com/apache/accumulo-access/issues/103
[The default validator rejects several characters](https://github.com/apache/accumulo-access/blob/main/core/src/main/java/org/apache/accumulo/access/AuthorizationValidator.java#L99), but [the tokenizer accepts any characters while inside quotes](https://github.com/apache/accumulo-access/blob/main/core/src/main/java/org/apache/accumulo/access/impl/Tokenizer.java#L116). This combination means it's possible to create an expression that cannot be satisfied using the default validator. A possible change to solve this issue would be to pass the tokenizer an `AuthorizationValidator`, and have it validate each token before creating an object (or do this in the `AuthorizationToken` constructor). This would be my preferred solution. A possible workaround using the current code would be to pass a different validator that accepts anything when creating an `Authorizations` object. This does make it difficult to apply custom validation rules for tokens, though, since the validation is only applied when creating auth tokens but not when creating (pieces of) access expressions. That is, if I have a custom validator that says "the only characters considered valid are `abc`", I can't create an authorization token `def`, but I can still create an access expression `cab|def` because the token rules aren't enforced on access expressions. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
