[jira] [Updated] (IGNITE-19807) Deprecate legacy authorization approach through Security Context.

Wed, 16 Aug 2023 01:40:07 -0700 


     [ 
https://issues.apache.org/jira/browse/IGNITE-19807?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mikhail Petrov updated IGNITE-19807:
------------------------------------
    Description: 
We currently have several ways to check if a user has permission to perform an 
operation.


1. IgniteSecurity#authorize methods that delegate permission check to security 
plugin.
2. SecurityContext#*OperationAllowed methods. They currently are used just for 
one check. This approach assumes that granted  permissions set is returned 
during user authentication and remains immutable.

Let's deprecate the second authorization approach and migrate completely to the 
first.
 

  was:
We currently have several ways to check if a user has permission to perform an 
operation.


1. IgniteSecurity#authorize methods that delegate permission check to security 
plugin.
2. SecurityContext#*OperationAllowed methods. That are currently is used just 
for one check. This approach assumes that granted  permissions set is returned 
during user authentication and remains immutable.

Let's deprecate the second authorization approach and migrate completely to the 
first.
 


> Deprecate legacy authorization approach through Security Context.
> -----------------------------------------------------------------
>
>                 Key: IGNITE-19807
>                 URL: https://issues.apache.org/jira/browse/IGNITE-19807
>             Project: Ignite
>          Issue Type: Bug
>            Reporter: Mikhail Petrov
>            Assignee: Mikhail Petrov
>            Priority: Major
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> We currently have several ways to check if a user has permission to perform 
> an operation.
> 1. IgniteSecurity#authorize methods that delegate permission check to 
> security plugin.
> 2. SecurityContext#*OperationAllowed methods. They currently are used just 
> for one check. This approach assumes that granted  permissions set is 
> returned during user authentication and remains immutable.
> Let's deprecate the second authorization approach and migrate completely to 
> the first.
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to