ignite-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Denis Garus <garus....@gmail.com>
Subject Re: [DISCUSSION] REST requests explicit authorization.
Date Thu, 12 Sep 2019 10:40:09 GMT
Hello, Mikhail!

Why do we need to avoid tough mapping GridRestCommand -> SecurityPermission?

Maybe it would be more transparent if we add to the GridRestCommand a field
that will contain SecurityPermission for this command?

ср, 11 сент. 2019 г. в 17:34, Mikhail Petrov <pmgheap.sbt@gmail.com>:

> Igniters,
>
> I would like to suggest expanding the IgniteSecurity interface with a
> method for REST requests explicit authorization (e.g. public void
> authorize(GridRestRequest req) throws SecurityException;).
>
> Currently, REST request authorization starts in
> GridRestProcessor#authorize(GridRestRequest) where GridRestCommand is
> converted to SecurityPermission and then passed to
> IgniteSecurity#authorize(String, SecurityPermission) for final
> authorization.
>
> I propose to allow GridSecurityProcessor to make an authorization
> decision on its own by giving it GridRestRequest.
>
> This approach can help to avoid tough mapping GridRestCommand ->
> SecurityPermission and achieve much more flexibility in tweaking REST
> request authorization.
>
> I will appreciate your feedback on this proposal.
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message