This page last changed on Jan 21, 2013 by jive.


Enhance the filter chain configuration to cover common configuration uses cases. This GSIP is motivated by the security elements offered by the J2EE web.xml file.

Proposed By


Assigned to Release



Choose one of: Under Discussion, In Progress, Completed, Rejected, Deferred


The current security system  uses a fixed set of filter chains. The chains can be configured but there are some common uses cases which are not supported.

The REST filter chain uses the ANT pattern: /rest/**

Anonymous users should have access for HTTP POST and GET. Authenticated USERS should have access for all HTTP methods (PUT,DELETE,...). Since basic authentication is used, SSL is required.

Chains needed (the order is important):

  • /rest/** (GET,POST)
  • /rest/** (*y) , SSL required


This GSIP introduces the following new features:
1) HTTP requests are matched by  ANT patterns AND the allowed HTTP methods
2) An optional SSL filter may reject HTTP requests
3) Add and remove chains
4) Reorder the list of chains

All enhancments are configureable using the Admin GUI.


This section should contain feedback provided by PSC members who may have a problem with the proposal.

Backwards Compatibility

State here any backwards compatibility issues.


Alessio Fabiani:
Andrea Aime:
Ben Caradoc-Davies:
Christian Mueller:
Gabriel Roldán:
Jody Garnett: +1
Jukka Rahkonen:
Justin Deoliveira:
Phil Scadden:
Simone Giannecchini:


[JIRA Task|]
[Email Discussion|]
[Wiki Page|]

Document generated by Confluence on May 14, 2014 23:00