Uploaded image for project: 'Data Movement as a Platform'
  1. Data Movement as a Platform
  2. DMAAP-901 [BC] Enable Authentication on Buscontroller API
  3. DMAAP-1112

Create authentication/authorization filter based on CADI usage

XMLWordPrintable

    • Icon: Sub-task Sub-task
    • Resolution: Done
    • Icon: Medium Medium
    • None
    • None
    • None
    • DMAAP-Dub-01-(12/3/18-12/13)

      • permission check should keep "boot env" functionality
      • remove usePE flag from configuration files (remember to remove all references from code)
      • new solution should be based on ApiPermission.class and associated interface (ApiAuthorizationCheckInterface) for backward compatibility purpose

       

      Implementation details:

      UseAAF flag has been used to turn on all AAF functionality:

      • adding perms to AAF when creating/updating DMaaP instance
      • authentication check using CADI
      • authorization check using CADI and dynamically built permission to check  for each resource endpoint

      For backward compatibility if AAF flag is turned on previous implementation is enabled based on current AuthorizationFilter and ApiPermission class. This filter switchong has been made due to the technology differences: Jersey filters do not implement directly servlet api, but CADI filter is based on it.

            kamyk kamyk
            piotr.karas piotr.karas
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: