[infinispan-dev] Securing access to Infinispan REST server
Jeff Ramsdale
jeff.ramsdale at gmail.com
Tue Jul 6 13:24:12 EDT 2010
Possibly. It's been a little while since I looked through the
Infinispan code, so I'm uncertain of the architecture. Is the REST
server built on a toolkit? Is it servlet based? My primary REST
experience is with Restlet, which provides its own embeddable server
but can alternatively be dropped into a servlet container.
-jeff
On Tue, Jul 6, 2010 at 10:16 AM, Manik Surtani <manik at jboss.org> wrote:
>
> On 6 Jul 2010, at 18:04, Jeff Ramsdale wrote:
>
>> I've actually been interested in how to run the REST server from
>> within my app without the use of a web server. That is, I don't want
>> to deploy a WAR. A solution to this authentication problem might take
>> into account scenarios in which the server is embedded and not running
>> in a servlet container.
>
> How would you do this? Embed Jetty or something in your app?
>
>>
>> -jeff
>>
>> On Tue, Jul 6, 2010 at 2:29 AM, Manik Surtani <manik at jboss.org> wrote:
>>> Front it with a webserver and let the webserver handle security?
>>>
>>>
>>> On 6 Jul 2010, at 09:31, Galder Zamarreño wrote:
>>>
>>>> Hi,
>>>>
>>>> During my REST/Cloud presentation, I got a particularly interesting question about the Infinispan REST server.
>>>>
>>>> As it is, once the REST module is deployed, anyone can access it as shown in http://community.jboss.org/wiki/AccessingdatainInfinispanviaRESTfulinterface
>>>>
>>>> Now, how would you go about authentication/authorization to access Infinispan via REST?
>>>>
>>>> Since at the end of the day the REST module is a war, users would need to tweak it accordingly in order to configure the security constraints under its web.xml defining the corresponding roles and authentication methods. Wouldn't they?
>>>>
>>>> I don't think it's possible for Infinispan to provide a more restricted Infinispan REST module, but instead some guidelines on how to secure it would be handy.
>>>>
>>>> Thoughts?
>>>> --
>>>> Galder Zamarreño
>>>> Sr. Software Engineer
>>>> Infinispan, JBoss Cache
>>>>
>>>>
>>>> _______________________________________________
>>>> infinispan-dev mailing list
>>>> infinispan-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/infinispan-dev
>>>
>>> --
>>> Manik Surtani
>>> manik at jboss.org
>>> Lead, Infinispan
>>> Lead, JBoss Cache
>>> http://www.infinispan.org
>>> http://www.jbosscache.org
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> infinispan-dev mailing list
>>> infinispan-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/infinispan-dev
>>>
>>
>> _______________________________________________
>> infinispan-dev mailing list
>> infinispan-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/infinispan-dev
>
> --
> Manik Surtani
> manik at jboss.org
> Lead, Infinispan
> Lead, JBoss Cache
> http://www.infinispan.org
> http://www.jbosscache.org
>
>
>
>
>
> _______________________________________________
> infinispan-dev mailing list
> infinispan-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/infinispan-dev
>
More information about the infinispan-dev
mailing list