Thanks Alan,
I've been thinking that it may be preferable to have hooks that allowed
us to inject our own permission checks, rather than retaining existing
permission checks.
An implementation can override Guard::check without requiring a provider
mechanism.
The other advantage is the ability to customize Permission
implementations, such as allowing address ranges in a SocketPermission
implementation and not consulting DNS to resolve host names.
Cheers,
Peter.
On 10/06/2021 11:55 pm, Alan Bateman wrote:
On 10/06/2021 07:40, Peter Firmstone wrote:
Just a quick question, would it be possible that some JFR hooks might
also be useable for an authorisation layer?
JFR events can't be used to intercept/veto operations, assuming that
is what you are asking. However, it might be that JFR events are
monitored as part of some overall security approach that takes into
account events recorded for health, performance, or troubleshooting
purposes.
-Alan
--
Regards,
Peter Firmstone
0498 286 363
Zeus Project Services Pty Ltd.
