The current methods for checking API key creator realm (ApiKeyService#getCreatorRealmXxx) can be improved by:
- Use sourceRealm instead authenticatedBy so lookedUp is always in effect (if there is one).
Right now this does not cause real problem since API key cannot impersonate another key.
But it is better to be consistent with other checks and be future proof.
- Test for AuthenticateType is better done using Enum instead of string comparison.
The current methods for checking API key creator realm (ApiKeyService#getCreatorRealmXxx) can be improved by:
Right now this does not cause real problem since API key cannot impersonate another key.
But it is better to be consistent with other checks and be future proof.