Hello all,

Let me make a suggestion about the Guard class.

It would allow the authorize method to make a decision even if no
authentication is present.

Why not add an authorizeMissing attribute and change the handling of
AUTHENTICATION_MISSING in the doHandle method
from
        challenge(response, false);
to
        if (isAuthorizeMissing() && authorize(request)) {
            accept(request, response);
        } else {
            challenge(response, false);
        }

Cheers,
Rémi
