Re: Musings about passing SecurityContexts between threads
Kent Watsen <kwatsen@...>
I missed that meeting and thus don't have context, but my first question
is why do you need to do this at all? That is, in my world-view, the incoming northbound request is steered to the appropriate service for processing. That service is responsible for enforcing access-control, and does so without other services needing to do any additional enforcement.

For instance, let's say you have a service that can generate pretty CIO reports off data persisted by an analytics service. Furthermore, let's say that the particular user sending the request is only allowed to see a subset of the data (e.g. tenant=="pepsi" && device-type=="firewall"). So we might have:

User          Reporting Service         Analytics Service
 |                   |                          |
 |                   |                          |
 |                   |                          |
 | Generate report   |                          |
 | over all data     |                          |
 |------------------>|                          |
 |                   |                          |
 |                   |                          |
 |                   | Get data where           |
 |                   | tenant=="pepsi" &&       |
 |                   | device-type=="firewall"  |
 |                   |------------------------->|
 |                   |                          |
 |                   |                          |

So no need for an internal call to pass a security context. Can it not be the same here?

Thanks,
Kent
On 6/13/14, 4:10 PM, "Ed Warnicke (eaw)" <eaw@...> wrote:
Guys,
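The pattern described in Kent's message above, as an added example that is not part of the original thread: the reporting service turns the caller's identity into a query filter, so the analytics service never receives a security context. All names and sample data are constructed for illustration, and the example goes slightly beyond the message by also intersecting caller-supplied filters with the user's scope.

```python
# Added illustration; SCOPES, ROWS and both service classes are hypothetical names.

# Constructed policy: the attribute values each user is allowed to see.
SCOPES = {
    "alice": {"tenant": {"pepsi"}, "device-type": {"firewall"}},
}

# Constructed sample data held by the analytics service.
ROWS = [
    {"tenant": "pepsi", "device-type": "firewall", "events": 12},
    {"tenant": "pepsi", "device-type": "router", "events": 7},
    {"tenant": "coke", "device-type": "firewall", "events": 30},
]


class AnalyticsService:
    """Knows nothing about users; it only evaluates the filter it is given."""

    def get_data(self, where):
        return [r for r in ROWS
                if all(r.get(k) in allowed for k, allowed in where.items())]


class ReportingService:
    """Receives the northbound request; the only place access control runs."""

    def __init__(self, analytics):
        self.analytics = analytics

    def scoped_filter(self, user, requested=None):
        scope = SCOPES.get(user)
        if scope is None:  # default deny: no scope means no query is issued
            raise PermissionError(f"no data scope for {user!r}")
        where = {k: set(v) for k, v in scope.items()}
        for key, values in (requested or {}).items():
            # A caller filter can only narrow the scope, never widen or replace it.
            where[key] = where.get(key, set(values)) & set(values)
        return where

    def generate_report(self, user, requested=None):
        rows = self.analytics.get_data(self.scoped_filter(user, requested))
        return sum(r["events"] for r in rows)
```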