On 02:58 pm, jacek99@gmail.com wrote:
Hi, I have an extra question going back to our original discussion on security.
If I serve a Resource Avatar from a Realm, is there any built-in way to attach something to the request as it is being intercepted by the Realm?
For example, for every request I would like to create a Principal object (username,first name,last name, list of privileges, etc.) and attach it to every request that has been authenticated.
From the API I see, it seems you can serve a customized Resource (and that is fine for simpler admin vs read-only authentication schemes), but in some cases you need really fine-grained APIs
It's actually fine for all cases, since it lets you do anything you want. For example, make the principal an argument to your custom Resource, save it as an attribute, and use it to make future access control decisions. Jean-Paul
(where a decorator per each REST method may be the only option), so it would be good for every request to be linked with the Principal that represents the user making the request.
Thanks for any suggestions Jacek