// Perform auth checks outside BodyConsumer as only the first http request containing auth header
// to populate SecurityRequestContext while http chunk doesn't. BodyConsumer runs in the thread
// that processes the last http chunk.
accessEnforcer.enforce(new ApplicationId(namespace.getNamespace(), artifactName),
authenticationContext.getPrincipal(),
StandardPermission.CREATE);
Release Notes
None
Activity
Show:
Fixed
Pinned fields
Click on the next to a field label to start pinning.
ArtifactHTTPHandler#addArtifact currently performs a check on ApplicationID instead of the expected ArtifactID:
// Perform auth checks outside BodyConsumer as only the first http request containing auth header // to populate SecurityRequestContext while http chunk doesn't. BodyConsumer runs in the thread // that processes the last http chunk. accessEnforcer.enforce(new ApplicationId(namespace.getNamespace(), artifactName), authenticationContext.getPrincipal(), StandardPermission.CREATE);