[infinispan-dev] Fine-grained security proposals
Vojtech Juranek
vjuranek at redhat.com
Tue Sep 15 11:16:42 EDT 2015
Hi,
> I've created a wiki entry for fine-grained authorization.
could you specify use-cases which you'd like to solve by this feature? If I
want e.g. restrict access to entries only to user who created the entry, the
callback itself doesn't easily (*) solve the problem, as I need some
additional entry metadata for the decision, etc.
Btw: in case of auth. callback I see custom code as an advantage, as it gives
me freedom to implement my security policy as I like. And we can provide some
common callbacks for users who don't want to implement it themselves.
Thanks
Vojta
(*) I can probably e.g. encode some subject hash into the key and then
allow/reject request for entry based on hash of requesting subject, but this
is not a very nice solution
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part.
Url : http://lists.jboss.org/pipermail/infinispan-dev/attachments/20150915/bb8f8110/attachment-0001.bin
More information about the infinispan-dev
mailing list