liubao created SCB-1341:
---------------------------
Summary: support layered roles configuration
Key: SCB-1341
URL: https://issues.apache.org/jira/browse/SCB-1341
Project: Apache ServiceComb
Issue Type: Sub-task
Components: Fence
Reporter: liubao
Assignee: liubao
If ROLE_ADMIN and ROLE_USER contains ROLE_COMMON, and a method can be accessed
with ROLE_COMMON, when token has only ROLE_USER, the access is granted.
for authentication server:
# can send as less information as possible
for resource server:
# can validate by role layer
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
