[infinispan-dev] Securing access to Infinispan REST server
Manik Surtani
manik at jboss.org
Tue Jul 6 05:29:55 EDT 2010
Front it with a webserver and let the webserver handle security?
On 6 Jul 2010, at 09:31, Galder Zamarreño wrote:
> Hi,
>
> During my REST/Cloud presentation, I got a particularly interesting question about the Infinispan REST server.
>
> As it is, once the REST module is deployed, anyone can access it as shown in http://community.jboss.org/wiki/AccessingdatainInfinispanviaRESTfulinterface
>
> Now, how would you go about authentication/authorization to access Infinispan via REST?
>
> Since at the end of the day the REST module is a war, users would need to tweak it accordingly in order to configure the security constraints under its web.xml defining the corresponding roles and authentication methods. Wouldn't they?
>
> I don't think it's possible for Infinispan to provide a more restricted Infinispan REST module, but instead some guidelines on how to secure it would be handy.
>
> Thoughts?
> --
> Galder Zamarreño
> Sr. Software Engineer
> Infinispan, JBoss Cache
>
>
> _______________________________________________
> infinispan-dev mailing list
> infinispan-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/infinispan-dev
--
Manik Surtani
manik at jboss.org
Lead, Infinispan
Lead, JBoss Cache
http://www.infinispan.org
http://www.jbosscache.org
More information about the infinispan-dev
mailing list