[infinispan-dev] Securing access to Infinispan REST server

Hi, During my REST/Cloud presentation, I got a particularly interesting question about the Infinispan REST server. As it is, once the REST module is deployed, anyone can access it as shown in http://community.jboss.org/wiki/AccessingdatainInfinispanviaRESTfulinterface Now, how would you go about authentication/authorization to access Infinispan via REST? Since at the end of the day the REST module is a war, users would need to tweak it accordingly in order to configure the security constraints under its web.xml defining the corresponding roles and authentication methods. Wouldn't they? I don't think it's possible for Infinispan to provide a more restricted Infinispan REST module, but instead some guidelines on how to secure it would be handy. Thoughts? -- Galder Zamarreño Sr. Software Engineer Infinispan, JBoss Cache