> 2. use SPI pattern so that users can change to other authorization machanisms
Great! I also think extensibility is very important because most companies may already have their own authorization&authentication system inside, allowing them to easily legacy that system can be important. Jun > On Feb 19, 2019, at 2:05 PM, 柯振旭 <kezhenx...@163.com> wrote: > > HI Dubbo Comunity: > There is no authorization or authentication in the current version of > dubbo-ops and it's open to all users, > so I'm planing to bring authorization to dubbo-ops[1] for the sake of > security, here is my thought: > > > 1. provide a simple authorization implementation(for example Spring > Security?) [2] > 2. use SPI pattern so that users can change to other authorization machanisms > > > any advice is appreciated, thanks :) > > > [1] https://github.com/apache/incubator-dubbo-ops/issues/210 > [2] https://github.com/apache/incubator-dubbo-ops/issues/204