Allow to extend and customize the Permission Denied behavior

Question

Allow to extend and customize the Permission Denied behavior

jardelnovaes opened this issue 5 years ago · 4 comments

Permission Denied has two options:

Redirect to the URL set in permission-denied-page

OR

Send the response 403-Permission Denied

Unfortunately it'll be the same for all kind of requests and we need to response a JSON for APIs and a HTML for user pages.

Expected behavior:

Allow to extend and customize the Permission Denied behavior implementing a custom class.
Keep the current behavior as default behave.

Suggestion:

Create an interface PermissionDeniedHandler.
Implement a default class that will behave as today.
Change the AuthenticationRunner.tryExecuteChain method to use the interface PermissionDeniedHandler rather than the current code.
Create the property server.auth.permission-denied-handler for the PermissionDeniedHandler
Set a default class into defaults.yml

jardelnovaes commented 5 years ago

released.

Answer 1 · 2020-02-18T17:26:11.000Z

@roneigebert asked me to implement this issue.

Answer 2 · 2020-02-18T22:22:16.000Z

Sounds quite good, actually. I'll be more than happy if you send me a PR, specially under @roneigebert 's supervision. ;)

…

On Wed, Feb 19, 2020 at 4:26 AM Jardel Novaes ***@***.***> wrote: @roneigebert <https://github.com/roneigebert> asked me to implement this issue. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#269?email_source=notifications&email_token=AAD7NUHDKBFC4LVO44CB3XTRDQK3JA5CNFSM4KXI7UM2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEMC3T7I#issuecomment-587577853>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAD7NUHM4DSR2N6MJHZOIB3RDQK3JANCNFSM4KXI7UMQ> .

Answer 3 · 2020-02-18T23:08:47.000Z

I'm already working on it!