How to add authentication and authorisation for a single cache or at cache-container level in JDG.

Solution Unverified - Updated -

Environment

  • Red Hat JBoss Data Grid (JDG)
    • 7.x

Issue

  • How to define role-based access for caches/cache-containers?
  • How to create multiple users to access the cache, where each user is authorized to access only a few cache containers?

Resolution

  • Security can be configured separately at the cache level and at the cache-container level.
  • If you have an admin user in the ManagementRealm, the following steps are required:
  • Assign a group to the user (the user admin is assigned the group Admins in the following example), which results in the following entry:
$JDG_HOME/standalone/configuration/mgmt-groups.properties: admin=Admins
  • Set map-groups-to-roles="true" in the ManagementRealm security realm:
<management>
    <security-realms>
        <security-realm name="ManagementRealm">
            ...
            <authorization map-groups-to-roles="true"> <!-- change from "false" to "true" -->
  • Add a role for the group, which results in the following in the standalone.xml file:
<subsystem xmlns="urn:infinispan:server:core:8.4" default-cache-container="local">
    <cache-container name="local" default-cache="default" statistics="true">
        <security>
            <authorization>
                <identity-role-mapper/>
                <!-- add your management group mapped in mgmt-groups.properties -->
                <role name="Admins" permissions="ALL"/>
                <role name="coach" permissions="READ WRITE"/>
                <role name="player" permissions="READ"/>
            </authorization>
        </security>
        ...
    </cache-container>
</subsystem>
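
A consistency check for the two files edited in the steps above, as an added example that is not Red Hat's code: it confirms map-groups-to-roles is "true" for the realm and lists the permissions each user's groups resolve to in every cache-container. The sample inputs, the users alice and bob, the group scouts and the function names are constructed for illustration; only group names are matched to role names, as in the steps above.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (not from a real server); alice, bob and scouts are made up.
STANDALONE = """<server><management><security-realms>
 <security-realm name="ManagementRealm">
  <authorization map-groups-to-roles="true"/>
 </security-realm></security-realms></management>
 <profile><subsystem xmlns="urn:infinispan:server:core:8.4">
  <cache-container name="local" default-cache="default">
   <security><authorization>
    <identity-role-mapper/>
    <role name="Admins" permissions="ALL"/>
    <role name="coach" permissions="READ WRITE"/>
    <role name="player" permissions="READ"/>
   </authorization></security>
  </cache-container>
 </subsystem></profile></server>"""
GROUPS = "# user=group[,group]\nadmin=Admins\nalice=coach,player\nbob=scouts\n"

def local(el):
    return el.tag.rsplit("}", 1)[-1]  # element name without its XML namespace

def parse_groups(text):
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            user, groups = line.split("=", 1)
            users[user.strip()] = {g.strip() for g in groups.split(",") if g.strip()}
    return users

def audit(standalone_xml, groups_text, realm="ManagementRealm"):
    root = ET.fromstring(standalone_xml)
    users, findings, effective = parse_groups(groups_text), [], {}
    mapped = any(local(a) == "authorization" and a.get("map-groups-to-roles") == "true"
                 for r in root.iter() if local(r) == "security-realm" and r.get("name") == realm
                 for a in r)
    if not mapped:
        findings.append(f'{realm}: map-groups-to-roles is not "true"')
    for cc in (e for e in root.iter() if local(e) == "cache-container"):
        roles = {r.get("name"): set(r.get("permissions", "").split())
                 for r in cc.iter() if local(r) == "role"}
        for user, groups in users.items():
            # Assumption: a group name grants the role with the identical name.
            perms = set().union(*(roles[g] for g in groups if g in roles))
            effective[(cc.get("name"), user)] = sorted(perms)
            if not perms:
                findings.append(f"{cc.get('name')}: user {user} matches no role")
    return findings, effective
```

Calling `audit()` with the contents of the real files returns the findings list and a per-container, per-user permission map that can be reviewed for unexpected `ALL` grants.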

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
