[JBoss JIRA] (ISPN-8736) REST endpoint authorization

Thursday, 1 February 2018



     [
https://issues.jboss.org/browse/ISPN-8736?page=com.atlassian.jira.plugin....
]

Tristan Tarrant updated ISPN-8736:
----------------------------------
    Description: 
The REST endpoint does not use the authenticated user to access authz caches. We need to:
- integrate with the ServerAuthenticationProvider as used by the Hot Rod endpoint so that
we can use security callbacks and retrieve a fully populated subject (including groups)
- add SecurityActions within the rest code
- Return 403 forbidden where needed

  was:
The REST endpoint does not apply authorization checks. We need to:
- integrate with the ServerAuthenticationProvider as used by the Hot Rod endpoint so that
we can use security callbacks and retrieve a fully populated subject (including groups)
- add SecurityActions within the rest code
- Return 403 forbidden where needed


...
 REST endpoint authorization
 ---------------------------

                 Key: ISPN-8736
                 URL: https://issues.jboss.org/browse/ISPN-8736
             Project: Infinispan
          Issue Type: Enhancement
          Components: REST, Security, Server
            Reporter: Tristan Tarrant
            Assignee: Tristan Tarrant

 The REST endpoint does not use the authenticated user to access authz caches. We need
to:
 - integrate with the ServerAuthenticationProvider as used by the Hot Rod endpoint so that
we can use security callbacks and retrieve a fully populated subject (including groups)
 - add SecurityActions within the rest code
 - Return 403 forbidden where needed 


--
This message was sent by Atlassian JIRA
(v7.5.0#75005)

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009