Uploaded image for project: 'Infinispan'
  1. Infinispan
  2. ISPN-8736

REST endpoint authorization

    XMLWordPrintable

Details

    • Enhancement
    • Status: Resolved (View Workflow)
    • Major
    • Resolution: Done
    • None
    • None
    • REST, Security, Server
    • None

    Description

      The REST endpoint does not use the authenticated user to access authz caches. We need to:

      • integrate with the ServerAuthenticationProvider as used by the Hot Rod endpoint so that we can use security callbacks and retrieve a fully populated subject (including groups). This should ultimately connect with Elytron.
      • add SecurityActions within the rest code
      • Return 403 forbidden where needed

      Attachments

        Issue Links

          Activity

            People

              ttarrant@redhat.com Tristan Tarrant
              ttarrant@redhat.com Tristan Tarrant
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: