Igniters,
I would like to suggest expanding the IgniteSecurity interface with a
method for explicit authorization of REST requests (e.g. public void
authorize(GridRestRequest req) throws SecurityException;).
Currently, REST request authorization starts in
GridRestProcessor#authorize(GridRestRequest) where GridRestCommand is
converted to SecurityPermission and then passed to
IgniteSecurity#authorize(String, SecurityPermission) for final
authorization.
I propose to allow GridSecurityProcessor to make an authorization
decision on its own by giving it GridRestRequest.
This approach can help to avoid the tough mapping GridRestCommand ->
SecurityPermission and achieve much more flexibility in tweaking REST
request authorization.
I would appreciate your feedback on this proposal.
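
The two authorization shapes discussed in the message, as an added sketch that is not part of the original e-mail and not Ignite code. The types Command, Permission, Request and both interfaces are simplified stand-ins (assumptions) for GridRestCommand, SecurityPermission, GridRestRequest and the IgniteSecurity methods, and the policies are constructed for illustration.

```java
import java.util.Map;

public class RestAuthzSketch {
    // Simplified stand-ins (assumptions), not Ignite's own classes.
    enum Command { CACHE_GET, CACHE_PUT, LOG }
    enum Permission { CACHE_READ, CACHE_PUT }
    record Request(Command cmd, String cacheName, String login) {}

    // Current shape: the plugin sees only a name and a mapped permission.
    interface PermissionAuthorizer { void authorize(String name, Permission perm); }
    // Proposed shape: the plugin sees the whole request.
    interface RequestAuthorizer { void authorize(Request req); }

    // Command -> permission table kept by the REST layer (LOG is deliberately unmapped).
    static final Map<Command, Permission> MAPPING = Map.of(
        Command.CACHE_GET, Permission.CACHE_READ,
        Command.CACHE_PUT, Permission.CACHE_PUT);

    static void authorizeViaMapping(Request req, PermissionAuthorizer sec) {
        Permission perm = MAPPING.get(req.cmd());
        if (perm == null) // fail closed instead of silently skipping the check
            throw new SecurityException("no permission mapped for " + req.cmd());
        sec.authorize(req.cacheName(), perm);
    }

    static boolean allowed(Runnable check) {
        try { check.run(); return true; }
        catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); return false; }
    }

    public static void main(String[] args) {
        // Constructed policy for the mapped flow: writes to "audit" are refused.
        PermissionAuthorizer byPerm = (name, perm) -> {
            if (perm == Permission.CACHE_PUT && "audit".equals(name))
                throw new SecurityException("CACHE_PUT on " + name);
        };
        // Constructed policy for the request flow: same rule, plus LOG limited to one login.
        RequestAuthorizer byReq = req -> {
            if (req.cmd() == Command.LOG && !"ops".equals(req.login()))
                throw new SecurityException("LOG for " + req.login());
            if (req.cmd() == Command.CACHE_PUT && "audit".equals(req.cacheName()))
                throw new SecurityException("CACHE_PUT on " + req.cacheName());
        };
        Request put = new Request(Command.CACHE_PUT, "audit", "alice");
        Request log = new Request(Command.LOG, null, "alice");
        System.out.println(allowed(() -> authorizeViaMapping(put, byPerm)));
        System.out.println(allowed(() -> authorizeViaMapping(log, byPerm)));
        System.out.println(allowed(() -> byReq.authorize(put)));
        System.out.println(allowed(() -> byReq.authorize(new Request(Command.LOG, null, "ops"))));
    }
}
```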