We are using Zhewbacca for endpoint security in all of our Scala services and we love it for its non-intrusive approach. Sadly, we just encountered a blocker, because we need to extend our authorization process, where we apply additional authorization rules to OAuth tokens with a certain realm.
While we could certainly implement something in our controllers to verify this, we would like to keep everything security-related in one place. Therefore, I wonder if we could allow the registration of custom security rules (with custom configurations).
My current idea would be to add a registry for custom security rules and extend the authorization code so that it recognizes and validates more than the three standard rules, if there are any.
We are using Zhewbacca for endpoint security in all of our Scala services and we love it for its non-intrusive approach. Sadly, we just encountered a blocker, because we need to extend our authorization process, where we apply additional authorization rules to OAuth tokens with a certain realm.
While we could certainly implement something in our controllers to verify this, we would like to keep everything security-related in one place. Therefore, I wonder if we could allow the registration of custom security rules (with custom configurations).
My current idea would be to add a registry for custom security rules and extend the authorization code so that it recognizes and validates more than the three standard rules, if there are any.