This page last changed on Jan 21, 2013 by jive.

Overview

Enhance the filter chain configuration to cover common configuration use cases. This GSIP is motivated by the security elements offered by the J2EE web.xml file.

Proposed By

mcr

Assigned to Release

2.3.0

State

Choose one of: Under Discussion, In Progress, Completed, Rejected, Deferred

Motivation

The current security system uses a fixed set of filter chains. The chains can be configured, but some common use cases are not supported.
Example:

The REST filter chain uses the ANT pattern: /rest/**

Anonymous users should have access for HTTP POST and GET. Authenticated users should have access for all HTTP methods (PUT, DELETE, ...). Since basic authentication is used, SSL is required.

Chains needed (the order is important):

  • /rest/** (GET,POST)
  • /rest/** (*), SSL required

Proposal

This GSIP introduces the following new features:
1) HTTP requests are matched by ANT patterns AND the allowed HTTP methods
2) An optional SSL filter may reject HTTP requests
3) Add and remove chains
4) Reorder the list of chains

All enhancements are configurable using the Admin GUI.
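
The following is an added example, not GeoServer code and not part of the original proposal: a small Python model of features 1, 2 and 4, applied to the /rest/** chains from the Motivation section. The Chain class, its field names, the decision strings and the simplified ANT matcher are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

def ant_to_regex(pattern):
    # Model of ANT path matching: '**' crosses '/', '*' and '?' stay in one segment.
    parts, i = [], 0
    while i < len(pattern):
        if pattern.startswith("/**", i) and i + 3 == len(pattern):
            parts.append("(/.*)?"); i += 3      # trailing /** also matches the bare prefix
        elif pattern.startswith("**", i):
            parts.append(".*"); i += 2
        elif pattern[i] == "*":
            parts.append("[^/]*"); i += 1
        elif pattern[i] == "?":
            parts.append("[^/]"); i += 1
        else:
            parts.append(re.escape(pattern[i])); i += 1
    return re.compile("".join(parts) + r"\Z")

@dataclass(frozen=True)
class Chain:                           # hypothetical model, not a GeoServer class
    name: str
    pattern: str
    methods: frozenset = frozenset()   # empty set means every HTTP method
    require_ssl: bool = False
    allow_anonymous: bool = False

def select_chain(chains, path, method):
    """Return the first chain whose ANT pattern AND method set both match."""
    for chain in chains:
        method_ok = not chain.methods or method.upper() in chain.methods
        if method_ok and ant_to_regex(chain.pattern).match(path):
            return chain
    return None

def decide(chains, path, method, secure, authenticated):
    chain = select_chain(chains, path, method)
    if chain is None:
        return "no chain"
    if chain.require_ssl and not secure:
        return "reject: SSL required"   # the optional SSL filter refuses plain HTTP
    if chain.allow_anonymous or authenticated:
        return "allow via " + chain.name
    return "challenge: authentication required"

# Constructed chains for the /rest/** example; list order is significant.
REST_CHAINS = [
    Chain("rest-anon", "/rest/**", frozenset({"GET", "POST"}), allow_anonymous=True),
    Chain("rest-auth", "/rest/**", require_ssl=True),
]
```

With the two chains reversed, the catch-all chain matches first and an anonymous GET over plain HTTP is rejected, which is why the proposal includes reordering.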

Feedback

This section should contain feedback provided by PSC members who may have a problem with the proposal.

Backwards Compatibility

State here any backwards compatibility issues.

Voting

Alessio Fabiani:
Andrea Aime:
Ben Caradoc-Davies:
Christian Mueller:
Gabriel Roldán:
Jody Garnett: +1
Jukka Rahkonen:
Justin Deoliveira:
Phil Scadden:
Simone Giannecchini:

Links

[JIRA Task|]
[Email Discussion|]
[Wiki Page|]

Document generated by Confluence on May 14, 2014 23:00