[IGNITE-20814] Replace AuthorizationHeaderFilter with own implementation of SecurityFilter - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: None
Component/s: rest
Labels:
- ignite-3

Ignite Flags:

Docs Required, Release Notes Required

Description

Current Behavior: We're currently injecting an empty Authorization header in requests lacking one, as Micronaut filters out requests without authentication headers. This is handled by the AuthorizationHeaderFilter.

Problem: This workaround is not ideal and could lead to maintainability issues.

Proposed Solution: Develop a custom SecurityFilter that:

Checks whether authentication is enabled.
Forwards requests to io.micronaut.security.filters.SecurityFilter if authentication is required.
Allows requests to proceed without authentication if it's not required.

Objective: To replace the AuthorizationHeaderFilter with a more robust and maintainable custom SecurityFilter implementation.

Attachments

Issue Links

links to

GitHub Pull Request #2819

Activity

People

Assignee:: Ivan Gagarkin

Reporter:: Ivan Gagarkin

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 08/Nov/23 15:26

Updated:: 10/Nov/23 12:25

Resolved:: 10/Nov/23 12:25

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

20m