[infinispan-issues] [JBoss JIRA] (ISPN-11763) Make cache authorization roles declaration implicit
Tristan Tarrant (Jira)
issues at jboss.org
Mon May 4 06:24:00 EDT 2020
[ https://issues.redhat.com/browse/ISPN-11763?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tristan Tarrant updated ISPN-11763:
-----------------------------------
Status: Pull Request Sent (was: Open)
Git Pull Request: https://github.com/infinispan/infinispan/pull/8273
> Make cache authorization roles declaration implicit
> ---------------------------------------------------
>
> Key: ISPN-11763
> URL: https://issues.redhat.com/browse/ISPN-11763
> Project: Infinispan
> Issue Type: Enhancement
> Components: Security
> Affects Versions: 11.0.0.Dev05
> Reporter: Tristan Tarrant
> Assignee: Tristan Tarrant
> Priority: Major
> Fix For: 11.0.0.CR1
>
>
> Specifying cache authorization roles is a chore because a user must declare which global roles apply to each individual cache.
> By making the cache roles implicit, we can apply all roles declared in the global config to caches automatically:
> {code:xml}
> <cache-container>
> <security>
> <authorization>
> <identity-role-mapper/>
> <role name="AdminRole" permissions="ALL"/>
> <role name="ReaderRole" permissions="READ"/>
> <role name="WriterRole" permissions="WRITE"/>
> <role name="SupervisorRole" permissions="READ WRITE EXEC BULK_READ"/>
> </authorization>
> </security>
> <distributed-cache name="secure-implicit">
> <security><authorization/></security>
> </distributed-cache>
> <distributed-cache name="secure-explicit">
> <security><authorization roles="AdminRole ReaderRole WriterRole SupervisorRole"/></security>
> </distributed-cache>
> </cache-container>
> {code}
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the infinispan-issues
mailing list