ignite-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mikhail Petrov <pmgheap....@gmail.com>
Subject [DISCUSSION] REST requests explicit authorization.
Date Wed, 11 Sep 2019 14:34:35 GMT
Igniters,

I would like to suggest expanding the IgniteSecurity interface with a 
method for REST requests explicit authorization (e.g. public void 
authorize(GridRestRequest req) throws SecurityException;).

Currently, REST request authorization starts in 
GridRestProcessor#authorize(GridRestRequest) where GridRestCommand is 
converted to SecurityPermission and then passed to 
IgniteSecurity#authorize(String, SecurityPermission) for final 
authorization.

I propose to allow GridSecurityProcessor to make an authorization 
decision on its own by giving it GridRestRequest.

This approach can help to avoid tough mapping GridRestCommand -> 
SecurityPermission and achieve much more flexibility in tweaking REST 
request authorization.

I will appreciate your feedback on this proposal.


Mime
View raw message