Enhance the filter chain configuration to cover common configuration uses cases. This GSIP is motivated by the security elements offered by the J2EE web.xml file.

[mcr]

2.3.0

Choose one of: Under Discussion, In Progress, Completed, Rejected, Deferred

The current security system  uses a fixed set of filter chains. The chains can be configured but there are some common uses cases which are not supported. Example:

The REST filter chain uses the ANT pattern: /rest/**\\**

Anonymous users should have access for HTTP POST and GET. Authenticated USERS should have access for all HTTP methods (PUT,DELETE,…). Since basic authentication is used, SSL is required.

Chains needed (the order is important):

• /rest/**\\** (GET,POST)
• /rest/**\\** (\\\*y) , SSL required

This GSIP introduces the following new features:

1. HTTP requests are matched by  ANT patterns AND the allowed HTTP methods
2. An optional SSL filter may reject HTTP requests
3. Add and remove chains
4. Reorder the list of chains

All enhancments are configureable using the Admin GUI.

This section should contain feedback provided by PSC members who may have a problem with the proposal.

State here any backwards compatibility issues.

Alessio Fabiani: Andrea Aime: Ben Caradoc Davies: Christian Mueller: Gabriel Roldan: Jody Garnett: +1 Jukka Rahkonen: Justin Deoliveira: Phil Scadden: Simone Giannecchini:

JIRA Task Email Discussion Wiki Page