[infinispan-issues] [JBoss JIRA] (ISPN-10327) REST endpoint authorization
Wolf-Dieter Fink (Jira)
issues at jboss.org
Wed Jun 19 11:11:00 EDT 2019
Wolf-Dieter Fink created ISPN-10327:
---------------------------------------
Summary: REST endpoint authorization
Key: ISPN-10327
URL: https://issues.jboss.org/browse/ISPN-10327
Project: Infinispan
Issue Type: Enhancement
Components: REST, Security, Server
Reporter: Wolf-Dieter Fink
Assignee: Tristan Tarrant
The REST endpoint does not use the authenticated user to access authz caches. We need to:
- integrate with the ServerAuthenticationProvider as used by the Hot Rod endpoint so that we can use security callbacks and retrieve a fully populated subject (including groups)
- add SecurityActions within the rest code
- Return 403 forbidden where needed
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
More information about the infinispan-issues
mailing list