Hi folks, I would like to propose a new way to deal with PolarisAuthorizers.
Today, the PolairsAuthorizerImpl is using one PolarisAuthorizer (injected with CDI using the corresponding qualifier). It works great for our current use cases. However, we see new Authorizers joining the party (a new one for OPA, etc). It means that we will have the need to "combine" several authorizers (for instance going to OPA, and falling back to the "default" Authorizer). To deal with that, I propose to adopt a paradigm similar to the LoginModules in JAAS, with the notion of required or optional. PolarisAuthorizers can contain a set of Authorizers (order matters), each Authorizer (by configuration) will have "required" or "optional" keywords. Required means that the isAuthorized() HAS to pass or it fails (and the following Authorizers are not used in the chain). Optional means that if isAuthorized() passes then it's good enough and the chain stops here, if it fails, the next Authorizer in the chain is used, etc. If the community thinks it's interesting, I can draft a proposal document, create an issue and a draft PR. Thoughts ? Thanks, Regards JB
