Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-444

AuthorizationIdentity and PermissionMapper

    XMLWordPrintable

Details

    • Enhancement
    • Resolution: Done
    • Major
    • 1.1.0.Beta6
    • None
    • API / SPI, Realms
    • None
    • Low

    Description

      When we initially designed the PermissionMapper we went to certain lengths to avoid exposing details of the realm. But now as the API has evolved it is clear that the permission mapper will need access to more information. The AuthorizationIdentity (or perhaps another object which includes the AuthorizationIdentity) should be made available to the permission mapper.

      In addition, this object could be expanded to include more information about the authentication, for example mechanism-specific information, which can feed into the authorization decision and could be useful for other things. Examples include: authentication timestamp, mechanism name/kind, forwarding credentials, and other attributes which derive from the mechanism as opposed to the identity.

      Attachments

        Issue Links

          blocks

          Enhancement - An enhancement to or refactoring of existing functionality that is not configurable by an end user (typically a change made by an internal team that affects users) ELY-461 Enhancements to PermissionMapper, RoleMapper, RoleDecoder

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Activity

            People

              dlloyd@redhat.com David Lloyd
              dlloyd@redhat.com David Lloyd
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: