[Refactor] Remove the notion of SecurityRequestChannel #3476
Labels
CCI
College Contributor Initiative
good first issue
These are recommended starting points for newcomers looking to make their first contributions.
refactoring
code/test refactoring
triaged
Issues labeled as 'Triaged' have been reviewed and are deemed actionable.
Coming from [1] where this new interface was added.
This class is meant to send back a response through the channel that a current request has. As originally built up responses could be triggered from deep in code paths around the backend registry or authenticator implementations. As more and more refactoring was done these changes transitioned to passing back a response which would be used it if was found.
This model of checking if a response has already been created and should be sent to the client seems to be an obvious replacement for the current too permissive access to the request channel that many parts of the security plugin has.
Exit Criteria
Optional<SecurityResponse>
Optional<SecurityResponse>
as a return value for functionality that was directly using the channel. All instance of SecurityRequestChannel should be replaced with SecurityRequest.sendResponse()
are replaced in such a way that where and when the response is triggered is from the source of the request, such as the handler wrapper in the SecurityRestFilter or the AuthenticatingVerifier.The text was updated successfully, but these errors were encountered: