Guard suggestion

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Guard suggestion

Rémi Dewitte-2-3
Hello all,

Let me make a suggestion about the Guard class.

It would allow the authorize method to make a decision even if no authentication is present.

Why not adding an authorizeMissing attribute and change handling of AUTHENTICATION_MISSING in doHandle method
from
        challenge(response, false);
to
        if(isAuthorizeMissing() && authorize(request)){
            accept(request, response);
        }else{
            challenge(response, false);
        }

Cheers,
Rémi