-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/30/2015 12:22 PM, Thomas Heute wrote:
That said I am fine not providing security within Metrics and have
it part of Hawkular only if we can. I am much more hesitant
providing multiple stacks for multiple purposes as it makes testing
much more complicated.
Not sure how it would work by not having security within metrics (or
any other component). Each component would have a security layer
around it, and the security is propagated from the outermost layer to
the inner layers. Example:
- - user
-- UI console
-- backend A
-- backend B
-- backend C
On this situation, UI console is protected via keycloak.js, which
sends a token to "backend A" representing the "user". If "backend
A"
needs to talk to "backend B" on behalf of the user, it sends the token
with the request. But each of those components (UI console, backend A,
B, C) are protected.
Of course, we could also have unprotected backends and only the UI
console being protected, but I think it's not really an option.
Note that each component is secured by a Keycloak *adapter*. The
server needs to be "somewhere", not necessarily on the same
application server instance that a specific component resides (if
that's what you meant above by not having it "within Metrics").
- - Juca.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJUz01kAAoJECKM1e+fkPrXlz4H/2BHmd3FwVlOyJu/CBU5rrvW
PnhvI8ELWqKNzD7FRAbHaTKw5ULAOB2qYa6iKtAyqijQXqC1/ijGWVSfkavuH06V
SeA6eYUwmGGZo5O6DSs9rGFbDZJ+wXvQ3RdX4uOt9RLZQj/EMAwLefT39Rg+i+je
/FVSY/9Kd9LGNuuIcn0sh4oBzXmFKXMtXtC/39Wylb0eF0bM/phEXq/0E40S6V6S
to2MUXeYjdoAOedgE0kxpEgI+Lv86rFedpsyJ8cdo5Az8vZtErWcg8h8dti0RCkP
SFf+A+zwyVfX5/2aLPBC1k+rUSATCJtlVFAjcwZSsrlBIcIZtOu2FI68uqT5JXg=
=BDpA
-----END PGP SIGNATURE-----