[infinispan-dev] Securing access to Infinispan REST server
Galder Zamarreño
galder at jboss.org
Tue Jul 6 04:31:04 EDT 2010
Hi,
During my REST/Cloud presentation, I got a particularly interesting question about the Infinispan REST server.
As it is, once the REST module is deployed, anyone can access it as shown in http://community.jboss.org/wiki/AccessingdatainInfinispanviaRESTfulinterface
Now, how would you go about authentication/authorization to access Infinispan via REST?
Since at the end of the day the REST module is a war, users would need to tweak it accordingly in order to configure the security constraints under its web.xml defining the corresponding roles and authentication methods. Wouldn't they?
I don't think it's possible for Infinispan to provide a more restricted Infinispan REST module, but instead some guidelines on how to secure it would be handy.
Thoughts?
--
Galder Zamarreño
Sr. Software Engineer
Infinispan, JBoss Cache
More information about the infinispan-dev
mailing list