[infinispan-issues] [JBoss JIRA] (ISPN-11763) Make cache authorization roles declaration implicit
Tristan Tarrant (Jira)
issues at jboss.org
Mon May 4 03:07:01 EDT 2020
Tristan Tarrant created ISPN-11763:
--------------------------------------
Summary: Make cache authorization roles declaration implicit
Key: ISPN-11763
URL: https://issues.redhat.com/browse/ISPN-11763
Project: Infinispan
Issue Type: Enhancement
Components: Security
Affects Versions: 11.0.0.Dev05
Reporter: Tristan Tarrant
Assignee: Tristan Tarrant
Fix For: 11.0.0.CR1
Specifying cache authorization roles is a chore because a user must declare which global roles apply to each individual cache.
By making the cache roles implicit, we can apply all roles declared in the global config to caches automatically:
{code:xml}
<cache-container>
<security>
<authorization>
<identity-role-mapper/>
<role name="AdminRole" permissions="ALL"/>
<role name="ReaderRole" permissions="READ"/>
<role name="WriterRole" permissions="WRITE"/>
<role name="SupervisorRole" permissions="READ WRITE EXEC BULK_READ"/>
</authorization>
</security>
<distributed-cache name="secure-implicit">
<security><authorization/></security>
</distributed-cache>
<distributed-cache name="secure-explicit">
<security><authorization roles="AdminRole ReaderRole WriterRole SupervisorRole"/></security>
</distributed-cache>
</cache-container>
{code}
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the infinispan-issues
mailing list