[
https://issues.jboss.org/browse/ISPN-9704?page=com.atlassian.jira.plugin....
]
Gustavo Fernandes updated ISPN-9704:
------------------------------------
Description:
Currently the REST server requires authentication but does not offer authorization
capabilities. The new REST API described in ISPN-8535 requires that invocations on
resources can be restricted on a per user/role basis.
Examples:
/GET on /rest/v2/{cacheName} should be allowed for all authenticated users
/POST on /rest/v2/{cacheName} should be restricted to users having the ADMIN role
Role MONITOR could have permission only to do GET on /rest/v2/caches/mycache/stats
was:
Currently the REST server requires authentication but does not offer authorization
capabilities. The new REST API described in ISPN-8535 requires that invocations on
resources can be restricted on a per user/role basis.
Examples:
/GET on /rest/v2/{cacheName} should be allowed for all authenticated users
/POST on /rest/v2/{cacheName} should be restricted to users having the ADMIN role
REST fine grained security support
----------------------------------
Key: ISPN-9704
URL:
https://issues.jboss.org/browse/ISPN-9704
Project: Infinispan
Issue Type: Feature Request
Reporter: Gustavo Fernandes
Priority: Major
Currently the REST server requires authentication but does not offer authorization
capabilities. The new REST API described in ISPN-8535 requires that invocations on
resources can be restricted on a per user/role basis.
Examples:
/GET on /rest/v2/{cacheName} should be allowed for all authenticated users
/POST on /rest/v2/{cacheName} should be restricted to users having the ADMIN role
Role MONITOR could have permission only to do GET on /rest/v2/caches/mycache/stats
--
This message was sent by Atlassian Jira
(v7.12.1#712002)