How to add authentication and authorisation for a single cache or at cache-container level in JDG.
Environment
- Red Hat JBoss Data Grid (JDG)
  - 7.x
Issue
- How to define role-based access for caches/cache-containers?
- How to create multiple users to access the cache, where each user is authorized to access a few cache containers?
Resolution
- The security configuration can be differentiated at cache level as well as at cache-container level.
- If you have an admin user in the ManagementRealm, then the following steps are required:
  - Assign a group to the admin user (Admins in the following example), which results in the entry below:
    $JDG_HOME/standalone/configuration/mgmt-groups.properties: admin=Admins
  - Set map-groups-to-roles=true.
    <management>
        <security-realms>
            <security-realm name="ManagementRealm"> ...
                <authorization map-groups-to-roles="true"> <!-- change from "false" to "true" -->
  - Add a role for the group, which results in the standalone.xml file below.
    <subsystem xmlns="urn:infinispan:server:core:8.4" default-cache-container="local">
        <cache-container name="local" default-cache="default" statistics="true">
            <security>
                <authorization>
                    <identity-role-mapper/>
                    <role name="Admins" permissions="ALL"/>
                    <!-- add your management group mapped in mgmt-groups.properties -->
                    <role name="coach" permissions="READ WRITE"/>
                    <role name="player" permissions="READ"/>
                </authorization>
            </security>
            ...
        </cache-container>
    </subsystem>
- For detailed documentation please refer to Securing Caches Guide
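A consistency check for the steps above, as an added example that is not part of the original article or Red Hat's own tooling: it reads a standalone.xml and a mgmt-groups.properties and reports whether map-groups-to-roles is still false and which users belong to no group that matches a role in a cache-container. The sample inputs, the users alice and bob, the group referee and all function names are constructed for illustration; matching a group name one-to-one against a role name is an assumption based on the identity-role-mapper comment in the configuration above.

```python
import xml.etree.ElementTree as ET

# Constructed inputs modelled on the fragments above (not a complete JDG config).
SAMPLE_XML = """<server><management><security-realms>
 <security-realm name="ManagementRealm">
  <authorization map-groups-to-roles="false"/>
 </security-realm></security-realms></management>
 <subsystem xmlns="urn:infinispan:server:core:8.4" default-cache-container="local">
  <cache-container name="local" default-cache="default">
   <security><authorization>
    <identity-role-mapper/>
    <role name="Admins" permissions="ALL"/>
    <role name="coach" permissions="READ WRITE"/>
    <role name="player" permissions="READ"/>
   </authorization></security>
  </cache-container></subsystem></server>"""
SAMPLE_GROUPS = "# user=group[,group]\nadmin=Admins\nalice=coach,player\nbob=referee\n"

def _named(root, name):
    """Descendants with the given local tag name, ignoring XML namespaces."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def parse_groups(text):
    """Parse mgmt-groups.properties lines of the form user=group1,group2."""
    pairs = (line.strip().partition("=") for line in text.splitlines())
    return {u.strip(): [g.strip() for g in gs.split(",") if g.strip()]
            for u, sep, gs in pairs if sep and not u.startswith("#")}

def audit(xml_text, groups_text):
    """Return (findings, {container: {user: sorted effective permissions}})."""
    root, users = ET.fromstring(xml_text), parse_groups(groups_text)
    findings, effective = [], {}
    for realm in _named(root, "security-realm"):
        for authz in _named(realm, "authorization"):
            if authz.get("map-groups-to-roles") == "false":
                findings.append(f"{realm.get('name')}: map-groups-to-roles is false")
    for cc in _named(root, "cache-container"):
        roles = {r.get("name"): r.get("permissions", "").split() for r in _named(cc, "role")}
        per_user = effective.setdefault(cc.get("name"), {})
        for user, groups in users.items():
            # Assumption: a group grants permissions only if a role has the same name.
            perms = per_user[user] = sorted({p for g in groups for p in roles.get(g, [])})
            if not perms:
                findings.append(f"{cc.get('name')}: user {user} has no matching role")
    return findings, effective

if __name__ == "__main__":
    print(audit(SAMPLE_XML, SAMPLE_GROUPS))
```
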