Closed gary-rowe closed 12 years ago
Introduce an @RestrictedTo annotation that requires a list of Authority entries. This is then looked up by the authenticator and if the user contains all referenced authorities, then the User is cleared.
What's the status of this? Has anyone forked Dropwizard with an implementation along these lines? I'd find this really useful.
You can find an implementation in the develop branch. Look for uses of the @RestrictTo annotation.
Require a method of managing an Access Control List (ACL) within the Dropwizard environment. Something like the Spring Security approach, but blended with the simple @Auth annotation. The intention is to restrict access based on the Role and Authority so that customers can get access to their private information through the public port. Staff will perform their operations against the restricted port (specific IP addresses, permitted access hours, permitted information etc).
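The "user must hold all referenced authorities" check described in this issue, as an added example that is not part of the thread or the project's own code. The `Authority` values, the `User` record, `OrderResource` and `isCleared` are hypothetical names, and denying methods that carry no annotation is an assumption of this sketch.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.*;

public class RestrictedToExample {

  // Hypothetical authority names, constructed for this example
  enum Authority { ROLE_CUSTOMER, ROLE_STAFF, VIEW_ORDERS, ISSUE_REFUND }

  // Must be retained at runtime so the check can read it reflectively
  @Retention(RetentionPolicy.RUNTIME)
  @Target(ElementType.METHOD)
  @interface RestrictedTo { Authority[] value(); }

  // Hypothetical user: only the granted authorities matter here
  record User(String name, Set<Authority> authorities) {}

  static class OrderResource {
    @RestrictedTo({Authority.ROLE_CUSTOMER, Authority.VIEW_ORDERS})
    public String viewOrders(User user) { return "orders for " + user.name(); }

    @RestrictedTo({Authority.ROLE_STAFF, Authority.ISSUE_REFUND})
    public String refund(User user) { return "refund by " + user.name(); }

    public String unannotated(User user) { return "no restriction declared"; }
  }

  // The user is cleared only when holding ALL referenced authorities.
  // Assumption: a missing or empty annotation is denied, not left open.
  static boolean isCleared(User user, Method method) {
    RestrictedTo r = method.getAnnotation(RestrictedTo.class);
    if (r == null || r.value().length == 0) return false;
    return user.authorities().containsAll(Arrays.asList(r.value()));
  }

  public static void main(String[] args) throws Exception {
    User alice = new User("alice", EnumSet.of(Authority.ROLE_CUSTOMER, Authority.VIEW_ORDERS));
    User bob = new User("bob", EnumSet.of(Authority.ROLE_STAFF)); // lacks ISSUE_REFUND
    for (String name : List.of("viewOrders", "refund", "unannotated")) {
      Method m = OrderResource.class.getMethod(name, User.class);
      for (User u : List.of(alice, bob))
        System.out.printf("%-12s %-6s %s%n", name, u.name(), isCleared(u, m) ? "cleared" : "denied");
    }
  }
}
```

Only alice on `viewOrders` is cleared: bob holds one of the two authorities `refund` requires, which is not enough under an all-of rule.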