Hi Fabio,

> > === Renaming Service ===
> > Rename AuthenticationController to EntitlementService(Impl), since
> > containing methods have little to nothing to do with authentication. It is only
> > about Entitlements...
>
> Why not AuthorizationController or AccessController? I'd prefer the first one.
> Maybe this controller will be improved to add access controller features in
> the near future (please, take a look at the roadmap).
I just took a look at the roadmap, and as far as I understand, the authorization features mentioned there are all about handling ENTITLEMENTS for different realms and avoiding duplicates.

REST-based services focus on resources and not on processes. Authorization or AccessControl describes a process, whereas an Entitlement is the actual resource needed for authorization decisions.

Let me give you an example. Authorization services usually provide a method like "user.hasRole(admin)". In a RESTful design this would be mapped to asking for an existing resource, like

http://localhost:9080/entitlements/users/4711/entitlements/admin

If the user with id 4711 has the role admin, the response would be 200 OK (maybe with the entitlement object in the response body). If the user does not have the role admin, the response code would be 404 NOT FOUND, hence the caller would know that user 4711 is not authorized.

From this perspective, do you agree with me?

Best regards,
Jan
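The mapping Jan describes (a "hasRole" question answered by fetching an entitlement resource, 200 when it exists and 404 when it does not), written out as an added example. This is not code from the thread or from the project being discussed; the path shape, the `ENTITLEMENTS` table, and the function names are my own constructed assumptions.

```python
import re
from typing import Dict, Optional, Set, Tuple

# Constructed sample store (assumption, not project data): user id -> entitlement names.
ENTITLEMENTS: Dict[str, Set[str]] = {
    "4711": {"admin", "user"},
    "4712": {"user"},
}

# Resource shape taken from the mail: /entitlements/users/{id}/entitlements/{name}
_PATH = re.compile(r"^/entitlements/users/(?P<user>[^/]+)/entitlements/(?P<name>[^/]+)$")


def get_entitlement(path: str, store: Dict[str, Set[str]] = ENTITLEMENTS) -> Tuple[int, Optional[dict]]:
    """Resolve a GET on an entitlement resource to (HTTP status, body).

    200 with the entitlement object when the user holds that entitlement,
    404 otherwise. An unknown user and a missing entitlement both yield 404,
    so the caller learns nothing beyond "not entitled".
    """
    match = _PATH.match(path)
    if match is None:
        return 404, None  # not a recognised resource path
    user, name = match.group("user"), match.group("name")
    if name in store.get(user, set()):
        return 200, {"user": user, "entitlement": name}
    return 404, None


def has_role(user_id: str, role: str, store: Dict[str, Set[str]] = ENTITLEMENTS) -> bool:
    """Client-side view of user.hasRole(role): deny unless the resource exists (200)."""
    status, _ = get_entitlement(f"/entitlements/users/{user_id}/entitlements/{role}", store)
    return status == 200


if __name__ == "__main__":
    for user, role in (("4711", "admin"), ("4712", "admin"), ("9999", "admin")):
        print(user, role, has_role(user, role))
```

The caller treats anything other than 200 as a deny, which keeps the decision deny-by-default even if the service returns an unexpected status.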