opa-spring-security
opa-spring-security copied to clipboard
Bisnode
Open Policy Agent for Spring Security
We need a functionality where OPA will be responsible for filling security context in Spring. We should assume JWT token as input and response should be somehow mapped to Authentication...
README should include an easily digested step-by-step section on how to get started using the library, alternatively link to a more extensive guide.
> Voting has a huge drawback that you can't pass the reason for denial. Also, if you keep authorization policies decoupled (as you should when using OPA), I don't think...
Currently, we're forcing users to create policies that always say `allow` and `reason`. There should be a way, to let them interpret and allow/deny access based on their fields.
There should be a way to decorate/substitute default request template with user's own. User might want to send additional information or pre-processed information (like extracted JWT) to OPA so they...
Currently, we're always using path, method and JWT to make queries to OPA. We should allow for better elasticity.
There should be a way to easily say what should be sent to OPA in a request. The idea is to have annotations that could look like this: ```java @OpaRequest(document...
There has been a discussion over the way of managing dependencies in our project. Currently, we have a `kt` file with dependencies and their versions, so that declaration of dependency...