Copy request headers to the subjectAttributes provided by the AuthorizationRequestInterceptor

Description

The AuthorizationRequestInterceptor invokes the AuthorizationService with the request attributes as subjectAttributes parameter value (m_authorizationService.isAuthorized(subjectType, subjectAttributes, action, resourceType, resourceAttributes)).

These subjectAttributes are then provided as context to the EntityProvider with entityType org.amdatu.security.authorization.rbac.SubjectRoles.

We'd like the request headers to be included as well, our implementation of this EntityProvider requires 2 of these headers for determining which role the current user has.
Our current workaround for this is to copy these specific headers to the request attributes using the ServletContextHelper.handleSecurity()

Assignee

Unassigned

Reporter

Zeger Tak

Labels

None

Priority

Major
Configure