Project

General

Profile

Story #2523

authorization implementations should be centralized

Added by Rob Nahf about 12 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Rob Nahf
Category:
Documentation
Target version:
-
Start date:
2012-05-17
Due date:
% Done:

100%

Story Points:
Sprint:

Description

In the java code, the authorization algorithm is implemented in a few packages: metacat & d1_solr_extensions, at least. These two show differences in building the set of authorized subjects from the client's session object, and differing handling of null values that may exist in the provided session object. The handling of subjectInfo also differs between MN and CN contexts, (whereby the MNs use the subjectInfo contained in the certificate and the CNs don't).

Having a common, well-tested implementation of the algorithm, or parts of it (session parsing, for example) will result in a more reliable and consistent authorization process across the different subcomponents of the CNs and MNs.

Subtasks

Task #2779: create authorization methods in d1_common_javaClosedRob Nahf

Task #2780: utilitize AuthUtils methods in metacat authorizationClosedRob Nahf

Task #3339: utilize AuthUtils methods for search() / query() ClosedSkye Roseboom

History

#1 Updated by Rob Nahf almost 12 years ago

  • Category changed from d1_common_java to Documentation

#2 Updated by Dave Vieglais over 6 years ago

  • % Done changed from 30 to 100
  • Status changed from In Progress to Closed

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 14.8 MB)