Copy request headers to the subjectAttributes provided by the AuthorizationRequestInterceptor


The AuthorizationRequestInterceptor invokes the AuthorizationService with the request attributes as subjectAttributes parameter value (m_authorizationService.isAuthorized(subjectType, subjectAttributes, action, resourceType, resourceAttributes)).

These subjectAttributes are then provided as context to the EntityProvider with entityType

We'd like the request headers to be included as well, our implementation of this EntityProvider requires 2 of these headers for determining which role the current user has.
Our current workaround for this is to copy these specific headers to the request attributes using the ServletContextHelper.handleSecurity()




Zeger Tak