[infinispan-dev] Securing access to Infinispan REST server

Manik Surtani manik at jboss.org
Tue Jul 6 13:16:41 EDT 2010 

On 6 Jul 2010, at 18:04, Jeff Ramsdale wrote:

> I've actually been interested in how to run the REST server from
> within my app without the use of a web server. That is, I don't want
> to deploy a WAR. A solution to this authentication problem might take
> into account scenarios in which the server is embedded and not running
> in a servlet container.

How would you do this?  Embed Jetty or something in your app?

> 
> -jeff
> 
> On Tue, Jul 6, 2010 at 2:29 AM, Manik Surtani <manik at jboss.org> wrote:
>> Front it with a webserver and let the webserver handle security?
>> 
>> 
>> On 6 Jul 2010, at 09:31, Galder Zamarreño wrote:
>> 
>>> Hi,
>>> 
>>> During my REST/Cloud presentation, I got a particularly interesting question about the Infinispan REST server.
>>> 
>>> As it is, once the REST module is deployed, anyone can access it as shown in http://community.jboss.org/wiki/AccessingdatainInfinispanviaRESTfulinterface
>>> 
>>> Now, how would you go about authentication/authorization to access Infinispan via REST?
>>> 
>>> Since at the end of the day the REST module is a war, users would need to tweak it accordingly in order to configure the security constraints under its web.xml defining the corresponding roles and authentication methods. Wouldn't they?
>>> 
>>> I don't think it's possible for Infinispan to provide a more restricted Infinispan REST module, but instead some guidelines on how to secure it would be handy.
>>> 
>>> Thoughts?
>>> --
>>> Galder Zamarreño
>>> Sr. Software Engineer
>>> Infinispan, JBoss Cache
>>> 
>>> 
>>> _______________________________________________
>>> infinispan-dev mailing list
>>> infinispan-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/infinispan-dev
>> 
>> --
>> Manik Surtani
>> manik at jboss.org
>> Lead, Infinispan
>> Lead, JBoss Cache
>> http://www.infinispan.org
>> http://www.jbosscache.org
>> 
>> 
>> 
>> 
>> 
>> _______________________________________________
>> infinispan-dev mailing list
>> infinispan-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/infinispan-dev
>> 
> 
> _______________________________________________
> infinispan-dev mailing list
> infinispan-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/infinispan-dev

--
Manik Surtani
manik at jboss.org
Lead, Infinispan
Lead, JBoss Cache
http://www.infinispan.org
http://www.jbosscache.org

More information about the infinispan-dev mailing list