collado-mike opened a new pull request, #623:
URL: https://github.com/apache/polaris/pull/623
<!--
Possible security vulnerabilities: STOP here and contact
[email protected] instead!
Please update the title of the PR with a meaningful message - do not
leave it "empty" or "generated"
Please update this summary field:
The summary should cover these topics, if applicable:
* the motivation for the change
* a description of the status quo, for example the current behavior
* the desired behavior
* etc
PR checklist:
- Do a self-review of your code before opening a pull request
- Make sure that there's good test coverage for the changes included in
this PR
- Run tests locally before pushing a PR (./gradlew check)
- Code should have comments where applicable. Particularly
hard-to-understand
areas deserve good in-line documentation.
- Include changes and enhancements to the documentation (in
site/content/in-dev/unreleased)
- For Work In Progress Pull Requests, please use the Draft PR feature.
Make sure to add the information BELOW this comment.
Everything in this comment will NOT be added to the PR description.
-->
Currently, the `Resolver` checks the PrincipalRole usage grants available
for a Principal entity when determining which roles are active for a request.
These roles are then passed on to the `PolarisAuthorizer` so that authorization
can be done on the operation and target object.
This PR changes the `Resolver` to instead rely on the `SecurityContext` to
determine which roles the principal has access to. A request filter populates
the `SecurityContext` using an `ActiveRolesProvider`. The default
implementation still looks up the principal role usage grants, but now the
filter can be replaced by new implementations that determine role membership in
other ways (e.g., by checking an authentication token or delegating to a third
party identity provider).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
