Hi Dmitri, I think it would make sense to remove these annotations. While convenient, such annotations freeze the allowed roles at compile time, and imho this won't be extensible enough for Polaris.
Thanks, Alex On Fri, Jan 24, 2025 at 3:25 PM Dmitri Bourlatchkov <di...@apache.org> wrote: > Hi All, > > Currently the code generated for various REST API endpoints contains > "@RolesAllowed" annotations. > > Do people find them critical? > > From my POV, it is preferable to delegate all authorization logic > to PolarisAuthorizer implementations and remove any framework-specific ways > to control access. > > WDYT? > > Thanks, > Dmitri. >
