84a2f1adf2
Anonymous roles resolution and user role deduplication are now performed during authentication instead of authorization. The change ensures: * If anonymous access is enabled, user will be able to see the anonymous roles added in the roles field in the /_security/_authenticate response. * Any duplication in user roles are removed and will not show in the above authenticate response. * In any other case, the response is unchanged. It also introduces a behaviour change: the anonymous role resolution is now authentication node specific, previously it was authorization node specific. Details can be found at #47195 (comment) |
||
|---|---|---|
| .. | ||
| basic-enable-security | ||
| security-basic | ||
| security-disabled | ||
| security-not-enabled | ||
| security-trial | ||
| tls-basic | ||
| build.gradle | ||