Skip to content

Refactor API key creator realm check  #52511

New issue
New issue
Closed
#54145
Closed
Refactor API key creator realm check #52511
#54145
Assignees
ywangd
Labels
:Security/AuthenticationLogging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc)>enhancementv8.0.0-alpha1
@ywangd

Description

@ywangd
ywangd
opened on Feb 19, 2020

The current methods for checking API key creator realm (ApiKeyService#getCreatorRealmXxx) can be improved by:

  • Use sourceRealm instead authenticatedBy so lookedUp is always in effect (if there is one).
    Right now this does not cause real problem since API key cannot impersonate another key.
    But it is better to be consistent with other checks and be future proof.
  • Test for AuthenticateType is better done using Enum instead of string comparison.

Metadata

Metadata

Assignees

Labels

:Security/AuthenticationLogging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc)>enhancementv8.0.0-alpha1

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions