Have a context in the global authorization provider

[jsirach]

Hi!

I think this place is better than creating an issue.

There is the possibility to create a global authorization provider, but this is without a supplied context. When there is a context known, the source that requires authorization would be available.

An example would be (pseudo):

class RestAuthorizationProvider implements AuthorizationProvider { Context getcontext(); }

Which then could be extended so my own written authorization provider would have access to the context.

Ofcourse, this would require a way to determine the permissions set on an endpoint.

[drejc]

Sure why not.
There already exists the RoleBasedUserAuthorizationProvider - for back compatibility only, but I can include a base authorizaition provider for convenience.