This project was super helpful for getting me started with creating an Ignite plugin for custom authorization.
However, it's not clear to me how to debug this code.
Here are some of my questions:
Is the login object (in SecurityCredentials) convertible to a string? (I'm hoping that the string equals the username of the person attempting the action.)
I need to be able to check usernames against what actions are allowed for those users. Is AuthenticationProcessor.authorize(..) the right place to put that logic? If so, then what would SecurityContextImpl be used for? It looks like the AuthenticationContext that gets passed to SecurityContextImpl's constructor in SecurityProcessor.authenticate(..) could be used as a property in SecurityContextImpl for performing most of the complex auth logic.
SecurityProcessor.authenticateNode(..) does not pass an AuthenticationContext instance to the constructor of SecurityContextImpl. What purpose does SecurityContextImpl provide in this situation? It looks like perhaps it could be used to set very broad restrictions (that would apply to all users); but, if so, then I'd think it would be better to create a second class that implements SecurityContext specifically for these broad restrictions, perhaps like: