[MAGNOLIA-1532] JAAS - Authorization modules should only be responsible to add ACL Created: 14/May/07  Updated: 23/Jan/13  Resolved: 24/Sep/07

Status: Closed
Project: Magnolia
Component/s: security
Affects Version/s: 3.1 M1
Fix Version/s: 3.1 M3

Type: Improvement Priority: Major
Reporter: Sameer Charles Assignee: Sameer Charles
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)

 Description   

Current implementation of JCR Authorization module forces you to duplicate users in JCR even if authentication source is external.

IMHO

  • Authentication module should check for credentials (like it is now) in addition collect groups and roles together with details like user language, email etc..
  • Authorization module can use above information to read access control list for this user

this will help us develope authentication modules for any data/directory source without having to duplicate users in JCR


Generated at Mon Feb 12 03:27:49 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.