Uploaded image for project: 'Infinispan'
  1. Infinispan
  2. ISPN-5790

AuthorizationManager rework

    XMLWordPrintable

Details

    • Task
    • Resolution: Done
    • Major
    • 8.1.0.Beta1, 8.1.0.Final
    • None
    • None
    • None

    Description

      The AuthorizationManager has a few issues:

      • it is using the deprecated ClusterRegistry: it should use an internal cache instead
      • it stores per-cache subject ACLs globally, thus possibly returning incorrect ACL masks for a specific subject/cache pair

      Solve the above by introducing a GlobalSecurityManager which starts a global ACL cache and only cache the subject role mapping and not the masks.

      It would be useful if the AuthorizationManager also supported checking for a specific role in addition to a permission

      Attachments

        Activity

          People

            ttarrant@redhat.com Tristan Tarrant
            ttarrant@redhat.com Tristan Tarrant
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: