Uploaded image for project: 'appNG'
  1. appNG
  2. APPNG-2461

Support role based access control for caching

    XMLWordPrintable

    Details

    • Type: Feature
    • Status: Done
    • Priority: Medium
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 1.25.0
    • Component/s: None
    • Labels:
      None

      Description

      This is needed to avoid scenarios where a user can get acceess to a cached resource that he should not be able to see.

      The idea is that the application can add custom x-appng-required-role headers to any cacheable resource that it delivers.
      If these headers (which are not being deliverd to the client) are present, the PageCacheFilter needs to compare them with a session-based list of the users's roles and reject access if required.

        Attachments

          Activity

            People

            • Assignee:
              mueller.matthias Matthias Müller
              Reporter:
              mueller.matthias Matthias Müller
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: