11.7. REST Interface Security

11.7.1. Publish REST Endpoints as a Public Interface

Red Hat JBoss Data Grid's REST server operates as a management interface by default. To extend its operations to a public interface, alter the value of the interface parameter in the socket-binding element from management to public as follows:

<socket-binding name="http" 
		interface="public" 
		port="8080"/>

Report a bug

11.7.2. Enable Security for the REST Endpoint

Use the following procedure to enable security for the REST endpoint in Red Hat JBoss Data Grid.

Note

The REST endpoint supports any of the JBoss Enterprise Application Platform security subsystem providers.

Procedure 11.2. Enable Security for the REST Endpoint

To enable security for JBoss Data Grid when using the REST interface, make the following changes to standalone.xml:

Specify Security Parameters

Ensure that the rest endpoint specifies a valid value for the security-domain and auth-method parameters. Recommended settings for these parameters are as follows:

<subsystem xmlns="urn:infinispan:server:endpoint:6.1">
            <rest-connector virtual-server="default-host" 
                            cache-container="local" 
                            security-domain="other" 
                            auth-method="BASIC"/>
</subsystem>

Check Security Domain Declaration
Ensure that the security subsystem contains the corresponding security-domain declaration. For details about setting up security-domain declarations, see the JBoss Enterprise Application Platform 6 documentation.
Add an Application User
Run the relevant script and enter the configuration settings to add an application user.
1. Run the adduser.sh script (located in $JDG_HOME/bin).
  - On a Windows system, run the adduser.bat file (located in $JDG_HOME/bin) instead.
2. When prompted about the type of user to add, select Application User (application-users.properties) by entering b.
3. Accept the default value for realm (ApplicationRealm) by pressing the return key.
4. Specify a username and password.
5. When prompted for a group, enter REST.
6. Ensure the username and application realm information is correct when prompted and enter "yes" to continue.
Verify the Created Application User
Ensure that the created application user is correctly configured.
1. Check the configuration listed in the application-users.properties file (located in $JDG_HOME/standalone/configuration/). The following is an example of what the correct configuration looks like in this file:
```
user1=2dc3eacfed8cf95a4a31159167b936fc
```
2. Check the configuration listed in the application-roles.properties file (located in $JDG_HOME/standalone/configuration/). The following is an example of what the correct configuration looks like in this file:
```
user1=REST
```
Test the Server
Start the server and enter the following link in a browser window to access the REST endpoint:
```
http://localhost:8080/rest/namedCache
```
Note
If testing using a GET request, a 405 response code is expected and indicates that the server was successfully authenticated.

Report a bug

Where did the comment section go?

Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories

11.7. REST Interface Security

11.7.1. Publish REST Endpoints as a Public Interface

11.7.2. Enable Security for the REST Endpoint

Where did the comment section go?