[rules-users] Guvnor5.5 : Rest Api Package Based Authentication
Zahid Ahmed
zahid.ahmed at emirates.com
Sun Sep 15 02:47:24 EDT 2013
Hi,
I have a centralized Guvnor5.5 environment where multiple applications access the Guvnor through rest api for their respective assets.
Each application is assigned a change-set that points to the Package containing assets for that application only. In each change-set the authentication provided is "basic-authentication".
Problem Case:
If the application developer knows the names of other packages he can point the application to run processes of other applications. This causes security issue for us. Applications should access assets assigned to them in their change-set only.
I need to setup user and permissions for access through REST interface on the basis of packages. Applications accessing Guvnor should be allowed only to access their respective package/assets/categories only.
Thanks and Best Regards,
Zahid Ahmed
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/rules-users/attachments/20130915/30917a9b/attachment.html
More information about the rules-users
mailing list