sungwy commented on code in PR #3681:
URL: https://github.com/apache/polaris/pull/3681#discussion_r2796139891
##########
polaris-core/src/main/java/org/apache/polaris/core/auth/PolarisAuthorizer.java:
##########
@@ -27,14 +27,36 @@
/** Interface for invoking authorization checks. */
public interface PolarisAuthorizer {
+ /**
+ * Pre-authorization hook for resolving authorizer-specific inputs.
+ *
+ * <p>Implementations may resolve or validate any inputs needed to make an
authorization decision.
+ */
+ void preAuthorize(@Nonnull AuthorizationState ctx, @Nonnull
AuthorizationRequest request);
Review Comment:
Hi @adutra - actually @dimas-b brought up this point as well. We could
return a boolean instead, but that would leave it to all of the Handler call
sites to raise an exception instead.
For `preAuthorize` (or `resolveAuthorizationInput` which is a naming option
we are discussing in [this RFC
comment](https://docs.google.com/document/d/1OaiQG_C4-yUe0ihaDBxtw_mEcOOzUBnWPazzVbjQi5U/edit?disco=AAABzyyDy_U)),
I think it makes sense to raise an exception if we aren't able to resolve the
inputs ahead of time.
What do you think?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
