Description
Currently it's not possible to configure the server so that authentication is only enabled on either the REST or HotRod endpoint. When utilising authentication elements on either endpoint it's mandatory for the `<endpoints ...` `security-realm` attribute to be set, otherwise the following exception is thrown:
```
11:04:12,367 FATAL (main) [org.infinispan.SERVER] ISPN080028: Infinispan Server failed to start org.infinispan.commons.CacheConfigurationException: ISPN080021: Authentication cannot be configured without a security realm
    at org.infinispan.server.configuration.hotrod.HotRodServerConfigurationParser.parseAuthentication(HotRodServerConfigurationParser.java:204)
    at org.infinispan.server.configuration.hotrod.HotRodServerConfigurationParser.parseHotRodConnector(HotRodServerConfigurationParser.java:111)
    at org.infinispan.server.configuration.hotrod.HotRodServerConfigurationParser.readElement(HotRodServerConfigurationParser.java:56)
    at org.infinispan.configuration.parsing.ParserRegistry.parseElement(ParserRegistry.java:224)
    at org.infinispan.configuration.parsing.XMLExtendedStreamReaderImpl.handleAny(XMLExtendedStreamReaderImpl.java:60)
    at org.infinispan.server.configuration.ServerConfigurationParser.parseEndpoints(ServerConfigurationParser.java:1126)
    at org.infinispan.server.configuration.ServerConfigurationParser.parseServerElements(ServerConfigurationParser.java:121)
    at org.infinispan.server.configuration.ServerConfigurationParser.readElement(ServerConfigurationParser.java:92)
    at org.infinispan.configuration.parsing.ParserRegistry.parseElement(ParserRegistry.java:224)
    at org.infinispan.configuration.parsing.XMLExtendedStreamReaderImpl.handleAny(XMLExtendedStreamReaderImpl.java:60)
    at org.infinispan.configuration.parsing.Parser.readElement(Parser.java:127)
    at org.infinispan.configuration.parsing.ParserRegistry.parseElement(ParserRegistry.java:224)
    at org.infinispan.configuration.parsing.ParserRegistry.parse(ParserRegistry.java:194)
    at org.infinispan.configuration.parsing.ParserRegistry.parse(ParserRegistry.java:180)
    at org.infinispan.configuration.parsing.ParserRegistry.parse(ParserRegistry.java:169)
    at org.infinispan.server.Server.parseConfiguration(Server.java:270)
    at org.infinispan.server.Server.<init>(Server.java:198)
    at org.infinispan.server.Bootstrap.runInternal(Bootstrap.java:138)
    at org.infinispan.server.tool.Main.run(Main.java:98)
    at org.infinispan.server.Bootstrap.main(Bootstrap.java:40)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at org.infinispan.server.loader.Loader.run(Loader.java:76)
    at org.infinispan.server.loader.Loader.main(Loader.java:39)
```
However, setting the `security-realm` attribute means that authentication is automatically configured for endpoints that do not have an `<authentication>` element set. So the following XML always results in REST authentication being enabled.
```xml
<endpoints socket-binding="default" security-realm="default">
   <hotrod-connector name="hotrod">
      <authentication>
         <sasl mechanisms="SCRAM-SHA-512 SCRAM-SHA-384 SCRAM-SHA-256 SCRAM-SHA-1 DIGEST-SHA-512 DIGEST-SHA-384 DIGEST-SHA-256 DIGEST-SHA DIGEST-MD5 PLAIN" />
      </authentication>
   </hotrod-connector>
   <rest-connector name="rest"/>
</endpoints>
```
It should be possible for REST auth to be disabled and HotRod auth enabled and vice-versa.
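To audit which connectors end up authenticated under the behaviour described in this report, the following added example (not Infinispan code) models the two rules stated above. The function name `effective_auth` and the state labels are assumptions made for illustration, and the sample input is the reported fragment with the SASL mechanism list shortened.

```python
import xml.etree.ElementTree as ET

# Sample input: the <endpoints> fragment from this report (mechanism list shortened).
REPORTED = """
<endpoints socket-binding="default" security-realm="default">
  <hotrod-connector name="hotrod">
    <authentication>
      <sasl mechanisms="SCRAM-SHA-256 PLAIN"/>
    </authentication>
  </hotrod-connector>
  <rest-connector name="rest"/>
</endpoints>
"""


def _local(tag):
    """Strip any XML namespace so the check also works on a full server config."""
    return tag.rsplit("}", 1)[-1]


def effective_auth(xml_text):
    """Map each connector name to its authentication state, per this report.

    explicit        : <authentication> present and a realm is set on <endpoints>
    implicit        : no <authentication>, but the realm enables auth anyway
    startup-failure : <authentication> without a realm (ISPN080021 at boot)
    none            : neither is configured
    """
    result = {}
    root = ET.fromstring(xml_text)
    for endpoints in (e for e in root.iter() if _local(e.tag) == "endpoints"):
        realm = endpoints.get("security-realm")
        for conn in endpoints:
            if not _local(conn.tag).endswith("-connector"):
                continue
            has_auth = any(_local(c.tag) == "authentication" for c in conn)
            if has_auth and realm is None:
                state = "startup-failure"
            elif has_auth:
                state = "explicit"
            elif realm is not None:
                state = "implicit"
            else:
                state = "none"
            result[conn.get("name", _local(conn.tag))] = state
    return result


if __name__ == "__main__":
    for name, state in effective_auth(REPORTED).items():
        print(f"{name}: {state}")
```

A connector reported as `implicit` is one whose authentication comes only from the `<endpoints>` realm, which is the REST case this issue asks to be able to turn off.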