Uploaded image for project: 'Infinispan'
  1. Infinispan
  2. ISPN-9704

REST fine grained security support

XMLWordPrintable

    • Icon: Enhancement Enhancement
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • None
    • None
    • None

      Currently the REST server requires authentication but does not offer authorization capabilities. The new REST API described in ISPN-8535 requires that invocations on resources can be restricted on a per user/role basis.

      Examples:
      /GET on /rest/v2/

      {cacheName} should be allowed for all authenticated users

      /POST on /rest/v2/{cacheName}

      should be restricted to users having the ADMIN role

      Role MONITOR could have permission only to do GET on /rest/v2/caches/mycache/stats

              Unassigned Unassigned
              gfernand@redhat.com Gustavo Fernandes (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: