Hello, Mikhail! Why do we need to avoid tough mapping GridRestCommand -> SecurityPermission?
Maybe it would be more transparent if we add to the GridRestCommand a field that will contain SecurityPermission for this command? ср, 11 сент. 2019 г. в 17:34, Mikhail Petrov <pmgheap....@gmail.com>: > Igniters, > > I would like to suggest expanding the IgniteSecurity interface with a > method for REST requests explicit authorization (e.g. public void > authorize(GridRestRequest req) throws SecurityException;). > > Currently, REST request authorization starts in > GridRestProcessor#authorize(GridRestRequest) where GridRestCommand is > converted to SecurityPermission and then passed to > IgniteSecurity#authorize(String, SecurityPermission) for final > authorization. > > I propose to allow GridSecurityProcessor to make an authorization > decision on its own by giving it GridRestRequest. > > This approach can help to avoid tough mapping GridRestCommand -> > SecurityPermission and achieve much more flexibility in tweaking REST > request authorization. > > I will appreciate your feedback on this proposal. > >
