[ISPN-11763] Make cache authorization roles declaration implicit

This issue belongs to an archived project. You can view it, but you can't modify it. Learn more

Type: Enhancement
Resolution: Done
Priority: Major
Fix Version/s: 11.0.0.Final
Affects Version/s: 11.0.0.Final
Component/s: Security
Labels:
None

Sprint:
DataGrid Sprint #44
Git Pull Request:
https://github.com/infinispan/infinispan/pull/8273

Specifying cache authorization roles is a chore because a user must declare which global roles apply to each individual cache.
By making the cache roles implicit, we can apply all roles declared in the global config to caches automatically:

<cache-container>
<security>
      <authorization>
         <identity-role-mapper/>
         <role name="AdminRole" permissions="ALL"/>
         <role name="ReaderRole" permissions="READ"/>
         <role name="WriterRole" permissions="WRITE"/>
         <role name="SupervisorRole" permissions="READ WRITE EXEC BULK_READ"/>
      </authorization>
   </security>

  <distributed-cache name="secure-implicit">
  <security><authorization/></security>
  </distributed-cache>

  <distributed-cache name="secure-explicit">
    <security><authorization roles="AdminRole ReaderRole WriterRole SupervisorRole"/></security>
  </distributed-cache>
</cache-container>

There are no comments yet on this issue.

Assignee:: Tristan Tarrant

Reporter:: Tristan Tarrant

Archiver:: Amol Dongare

Created:: 2020/05/04 3:06 AM

Updated:: 2024/07/12 8:42 PM

Resolved:: 2020/05/13 4:27 PM

Archived:: 2024/11/28 6:21 AM

Details

Description

Attachments

Easy Agile Planning Poker

Activity

People

Dates

PagerDuty