[infinispan-issues] [JBoss JIRA] (ISPN-8736) REST endpoint authorization
Tristan Tarrant (JIRA)
issues at jboss.org
Tue Jan 30 11:12:00 EST 2018
Tristan Tarrant created ISPN-8736:
-------------------------------------
Summary: REST endpoint authorization
Key: ISPN-8736
URL: https://issues.jboss.org/browse/ISPN-8736
Project: Infinispan
Issue Type: Enhancement
Components: REST, Security, Server
Reporter: Tristan Tarrant
Assignee: Tristan Tarrant
The REST endpoint does not apply authorization checks. We need to:
- integrate with the ServerAuthenticationProvider as used by the Hot Rod endpoint so that we can use security callbacks and retrieve a fully populated subject (including groups)
- add SecurityActions within the rest code
- Return 403 forbidden where needed
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the infinispan-issues
mailing list