[infinispan-issues] [JBoss JIRA] (ISPN-10327) REST endpoint authorization

Wednesday, 19 June 2019


Wolf-Dieter Fink created ISPN-10327:
---------------------------------------

             Summary: REST endpoint authorization
                 Key: ISPN-10327
                 URL: https://issues.jboss.org/browse/ISPN-10327
             Project: Infinispan
          Issue Type: Enhancement
          Components: REST, Security, Server
            Reporter: Wolf-Dieter Fink
            Assignee: Tristan Tarrant


The REST endpoint does not use the authenticated user to access authz caches. We need to:
- integrate with the ServerAuthenticationProvider as used by the Hot Rod endpoint so that
we can use security callbacks and retrieve a fully populated subject (including groups)
- add SecurityActions within the rest code
- Return 403 forbidden where needed


--
This message was sent by Atlassian Jira
(v7.12.1#712002)

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

[infinispan-issues] [JBoss JIRA] (ISPN-10327) REST endpoint authorization