Details
-
Task
-
Resolution: Done
-
Major
-
None
-
None
-
None
Description
The AuthorizationManager has a few issues:
- it is using the deprecated ClusterRegistry: it should use an internal cache instead
- it stores per-cache subject ACLs globally, thus possibly returning incorrect ACL masks for a specific subject/cache pair
Solve the above by introducing a GlobalSecurityManager which starts a global ACL cache and only cache the subject role mapping and not the masks.
It would be useful if the AuthorizationManager also supported checking for a specific role in addition to a permission