tinkerpop-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] [tinkerpop] QwentB commented on pull request #1308: TINKERPOP-2389 WIP: Authorization support in TinkerPop
Date Mon, 21 Sep 2020 09:23:43 GMT

QwentB commented on pull request #1308:
URL: https://github.com/apache/tinkerpop/pull/1308#issuecomment-696000979


   Thanks @spmallette for linking to two threads as they're obviously related.
   I'm not sure if it would cover all possible use cases, but the Authorizer could return
the RequestMessage instead of the AuthorizedUser. It would allow an implementations to update
the RequestMessage by adding/modifying steps, add/remove Strategies or even change the "resource"
that will be effectivelly bound to the request.
   As pointed by @vtslab, the user's authorizations should be available in the context, at
least for WebSocket requests, so they can be applied without requiring an authentication step.
If the Authorizer return an updated RequestMessage, we probably need to introduce an AuthorizedUserProvider
component and the channel look like something like
   
   1. Authenticator return the AuthenticatedUser
   2. 
   
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



Mime
View raw message