tinkerpop-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] [tinkerpop] QwentB removed a comment on pull request #1308: TINKERPOP-2389 WIP: Authorization support in TinkerPop
Date Tue, 22 Sep 2020 03:00:11 GMT

QwentB removed a comment on pull request #1308:
URL: https://github.com/apache/tinkerpop/pull/1308#issuecomment-696000979

   Thanks @spmallette for linking to two threads as they're obviously related.
   I'm not sure if it would cover all possible use cases, but the Authorizer could return
the RequestMessage instead of the AuthorizedUser. It would allow an implementations to update
the RequestMessage by adding/modifying steps, add/remove Strategies or even change the "resource"
that will be effectivelly bound to the request.
   As pointed by @vtslab, the user's authorizations should be available in the context, at
least for WebSocket requests, so they can be applied without requiring an authentication step.
If the Authorizer return an updated RequestMessage, we probably need to introduce an AuthorizedUserProvider
component and the channel look like something like
   1. Authenticator return the AuthenticatedUser

This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:

View raw message