]
Dan Berindei updated ISPN-5790:
-------------------------------
Status: Resolved (was: Pull Request Sent)
Fix Version/s: 8.1.0.Beta1
Resolution: Done
AuthorizationManager rework
---------------------------
Key: ISPN-5790
URL:
https://issues.jboss.org/browse/ISPN-5790
Project: Infinispan
Issue Type: Task
Reporter: Tristan Tarrant
Assignee: Tristan Tarrant
Fix For: 8.1.0.Beta1, 8.1.0.Final
The AuthorizationManager has a few issues:
- it is using the deprecated ClusterRegistry: it should use an internal cache instead
- it stores per-cache subject ACLs globally, thus possibly returning incorrect ACL masks
for a specific subject/cache pair
Solve the above by introducing a GlobalSecurityManager which starts a global ACL cache
and only cache the subject role mapping and not the masks.
It would be useful if the AuthorizationManager also supported checking for a specific
role in addition to a permission