openapi查询权限

描述

贡献者指南

技术栈

javaspring

领域

apiauthorization

议题类型

security

难度面向新贡献者的预计实现难度，1 表示很小改动，5 表示专家级工作。

4

预计时间有经验贡献者完成调查、实现、测试并准备 pull request 的粗略时间范围。

3-5 days

活动状态议题当前的可参与程度：新鲜、活跃、陈旧、阻塞或等待维护者输入。

stale

清晰度议题是否清楚说明期望改动、验收标准和下一步。

unclear

前置要求

Understand Apollo portal permission modelFamiliarity with Apollo openapiJava/Spring development experience

新手友好度1-100 的估计分数，表示该议题对首次贡献者的友好程度。

25

研究方向

Investigate the current openapi authentication mechanism (e.g., token validation) and compare with portal's permission checks. The issue has 4 comments, likely discussing scope. Check if a design decision was reached. Propose a solution to restrict token based queries to authorized appids using Spring Security or custom interceptors.