Ask questions and see you at August, 1st, 8.PM. CET: youtube.com/c/bienadam
Also checkout recent episode:
Please keep the questions Jakarta EE-stic. Means: as short and as concise as only possible. Feel free to ask several, shorter questions. Upcoming airhacks.tv events are also going to be announced at meetup.com/airhacks
Hi Adam,
We have a quarkus based app. It's all reactive using Mutiny. We're also using MongoDB. My question is related to security, authorization specific.
We have our own authorization service. Users are authorized using roles and their permissions. These permissions (for e.g. list.users), can have different constraints for e.g. only list users that begin with a specific character.
So a user role in application can have assigned permission "list.users" but under constraint that he can see only users that begin with specific character.
For every request we build a @RequestScoped class that holds information about current request info (even role and permission and any constraint if any).
Any suggestion from you, how can we implement such case without having to write IF conditions all over the place?
Is there any way to maybe somehow "intercept" mongo queries and add custom Filter based on constraint.
Architecture: We have a rest resource, then a service layer and the repo layer. Where do you think is the best place to build mongo query filters, or how do you think we should approach to resolve this issue?
I couldn't find a way in Quarkus to intercept the mongo query and maybe modify at runtime.
Thanks a lot,
Best regards