[ https://issues.apache.org/jira/browse/IGNITE-19807?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mikhail Petrov updated IGNITE-19807:
------------------------------------
    Description:
We currently have several ways to check if a user has permission to perform an operation.

1. IgniteSecurity#authorize methods that delegate permission check to security plugin.
2. SecurityContext#*OperationAllowed methods. They currently are used just for one check. This approach assumes that granted permissions set is returned during user authentication and remains immutable.

Let's deprecate the second authorization approach and support both authorization approaches for the JOIN_AS_SERVER permission (the only permission that is checked through SecurityContext authorization API).

  was:
We currently have several ways to check if a user has permission to perform an operation.

1. IgniteSecurity#authorize methods that delegate permission check to security plugin.
2. SecurityContext#*OperationAllowed methods. They currently are used just for one check. This approach assumes that granted permissions set is returned during user authentication and remains immutable.

Let's deprecate the second authorization approach and migrate completely to the first.

> Deprecate legacy authorization approach through Security Context.
> -----------------------------------------------------------------
>
>                 Key: IGNITE-19807
>                 URL: https://issues.apache.org/jira/browse/IGNITE-19807
>             Project: Ignite
>          Issue Type: Task
>            Reporter: Mikhail Petrov
>            Assignee: Mikhail Petrov
>            Priority: Major
>              Labels: ise
>             Fix For: 2.16
>
>          Time Spent: 1h 20m
>  Remaining Estimate: 0h
>
> We currently have several ways to check if a user has permission to perform
> an operation.
> 1. IgniteSecurity#authorize methods that delegate permission check to
> security plugin.
> 2. SecurityContext#*OperationAllowed methods. They currently are used just
> for one check. This approach assumes that granted permissions set is
> returned during user authentication and remains immutable.
> Let's deprecate the second authorization approach and support both
> authorization approaches for the JOIN_AS_SERVER permission (the only
> permission that is checked through SecurityContext authorization API).

--
This message was sent by Atlassian Jira
(v8.20.10#820010)