[jboss-jira] [JBoss JIRA] (ELY-444) AuthorizationIdentity and PermissionMapper
David Lloyd (JIRA)
issues at jboss.org
Mon Mar 14 11:34:00 EDT 2016
[ https://issues.jboss.org/browse/ELY-444?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13176237#comment-13176237 ]
David Lloyd commented on ELY-444:
---------------------------------
This is almost an internal view to a SecurityIdentity, since some of this information already exists there. We shouldn't duplicate it, but maybe we can introduce an internal view class for each identity, or maybe we can introduce an accessor class like we have for authentication clients.
> AuthorizationIdentity and PermissionMapper
> ------------------------------------------
>
> Key: ELY-444
> URL: https://issues.jboss.org/browse/ELY-444
> Project: WildFly Elytron
> Issue Type: Enhancement
> Components: API / SPI, Realms
> Reporter: David Lloyd
> Fix For: 1.1.0.Beta5
>
>
> When we initially designed the PermissionMapper we went to certain lengths to avoid exposing details of the realm. But now as the API has evolved it is clear that the permission mapper will need access to more information. The AuthorizationIdentity (or perhaps another object which includes the AuthorizationIdentity) should be made available to the permission mapper.
> In addition, this object could be expanded to include more information about the authentication, for example mechanism-specific information, which can feed into the authorization decision and could be useful for other things. Examples include: authentication timestamp, mechanism name/kind, forwarding credentials, and other attributes which derive from the mechanism as opposed to the identity.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list