sungwy commented on code in PR #3681:
URL: https://github.com/apache/polaris/pull/3681#discussion_r2791169080
##########
polaris-core/src/main/java/org/apache/polaris/core/auth/PolarisAuthorizer.java:
##########
@@ -27,14 +27,36 @@
/** Interface for invoking authorization checks. */
public interface PolarisAuthorizer {
+ /**
+ * Pre-authorization hook for resolving authorizer-specific inputs.
+ *
+ * <p>Implementations may resolve or validate any inputs needed to make an
authorization decision.
+ */
+ void preAuthorize(@Nonnull AuthorizationCallContext ctx, @Nonnull
AuthorizationRequest request);
+ /** Core authorization entry point for the new SPI. */
+ void authorize(@Nonnull AuthorizationCallContext ctx, @Nonnull
AuthorizationRequest request);
Review Comment:
actually, on second thought - I wonder if this would be an
over-optimization, before we know how the rest of the new methods would look
like in the Authorizer SPI. There's a few follow up discussions around
filtering, fetching obligations and storage configs which I think we should
factor in before deciding if this handler based approach would make sense...
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
