Hello, Mikhail!
Why do we need to avoid tough mapping GridRestCommand -> SecurityPermission?
Maybe it would be more transparent if we add to the GridRestCommand a field
that will contain SecurityPermission for this command?
ср, 11 сент. 2019 г. в 17:34, Mikhail Petrov <
[hidden email]>:
> Igniters,
>
> I would like to suggest expanding the IgniteSecurity interface with a
> method for REST requests explicit authorization (e.g. public void
> authorize(GridRestRequest req) throws SecurityException;).
>
> Currently, REST request authorization starts in
> GridRestProcessor#authorize(GridRestRequest) where GridRestCommand is
> converted to SecurityPermission and then passed to
> IgniteSecurity#authorize(String, SecurityPermission) for final
> authorization.
>
> I propose to allow GridSecurityProcessor to make an authorization
> decision on its own by giving it GridRestRequest.
>
> This approach can help to avoid tough mapping GridRestCommand ->
> SecurityPermission and achieve much more flexibility in tweaking REST
> request authorization.
>
> I will appreciate your feedback on this proposal.
>
>
Locked
