GSIP 91 Enhance authentication filter chain configuration
Enhance the filter chain configuration to cover common configuration use cases. This GSIP is motivated by the security elements offered by the J2EE web.xml file.
[mcr]
2.3.0
Choose one of: Under Discussion, In Progress, Completed, Rejected, Deferred
The current security system uses a fixed set of filter chains. The chains can be configured, but some common use cases are not supported. Example:
The REST filter chain uses the ANT pattern: /rest/**
Anonymous users should have access for HTTP POST and GET. Authenticated USERS should have access for all HTTP methods (PUT,DELETE,…). Since basic authentication is used, SSL is required.
Chains needed (the order is important):
- /rest/** (GET,POST)
- /rest/** (\\\*y), SSL required
This GSIP introduces the following new features:
- HTTP requests are matched by ANT patterns AND the allowed HTTP methods
- An optional SSL filter may reject HTTP requests
- Add and remove chains
- Reorder the list of chains
All enhancements are configurable using the Admin GUI.
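The matching rules listed above, modelled as an added example (not GeoServer code and not part of the proposal): chains are tried in order, and the first one whose ANT pattern and HTTP method both match handles the request. The chain labels, the filter names and the simplified `ant_match` helper are assumptions made for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Chain:
    name: str                         # hypothetical label
    pattern: str                      # ANT pattern
    methods: frozenset = frozenset()  # empty set = any HTTP method
    require_ssl: bool = False
    filters: tuple = ()               # hypothetical filter names


def ant_match(pattern, path):
    """Simplified ANT matching: '**' spans zero or more path segments,
    '*' and '?' match inside one segment."""
    def walk(pat, segs):
        if not pat:
            return not segs
        if pat[0] == "**":
            return any(walk(pat[1:], segs[i:]) for i in range(len(segs) + 1))
        return bool(segs) and fnmatchcase(segs[0], pat[0]) and walk(pat[1:], segs[1:])

    def split(s):
        return [p for p in s.split("/") if p]

    return walk(split(pattern), split(path))


def resolve(chains, method, path, secure):
    """First chain matching pattern AND method wins; later chains are not consulted."""
    for c in chains:
        if not ant_match(c.pattern, path):
            continue
        if c.methods and method.upper() not in c.methods:
            continue
        if c.require_ssl and not secure:
            return c.name, "reject: SSL required"
        return c.name, "filters: " + ",".join(c.filters)
    return None, "no chain matched"


# Constructed configuration mirroring the REST example on this page.
REST_CHAINS = [
    Chain("rest-read", "/rest/**", frozenset({"GET", "POST"}), False, ("anonymous",)),
    Chain("rest-write", "/rest/**", frozenset(), True, ("basic",)),
]

if __name__ == "__main__":
    for m, secure in [("GET", False), ("DELETE", False), ("DELETE", True)]:
        print(m, secure, resolve(REST_CHAINS, m, "/rest/workspaces/topp", secure))
```

Reversing the list sends a plain-HTTP GET to the SSL-only chain, because the chain without a method restriction then matches first and shadows the GET/POST chain.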
This section should contain feedback provided by PSC members who may have a problem with the proposal.
State here any backwards compatibility issues.
- Alessio Fabiani:
- Andrea Aime:
- Ben Caradoc Davies:
- Christian Mueller:
- Gabriel Roldan:
- Jody Garnett: +1
- Jukka Rahkonen:
- Justin Deoliveira:
- Phil Scadden:
- Simone Giannecchini:
JIRA Task Email Discussion Wiki Page