[ https://issues.apache.org/jira/browse/NUTCH-2925?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17468743#comment-17468743 ]
Lewis John McGibbney commented on NUTCH-2925: --------------------------------------------- [~markus17] didn't really like the idea of providing security for the Nutch WebApp. I closed that ticket off due to the deprecation of the 2.x codebase. I'll see if there is some way I can make the REST API security layer configurable. > Secure the Nutch REST API using Apache Shiro > -------------------------------------------- > > Key: NUTCH-2925 > URL: https://issues.apache.org/jira/browse/NUTCH-2925 > Project: Nutch > Issue Type: Improvement > Components: REST_api, security > Reporter: Lewis John McGibbney > Assignee: Lewis John McGibbney > Priority: Major > > We use nutch-helm to provide a convenient mechanism for certain internal > stakeholders to interact with Nutch via REST. > API security is entirely lacking from the REST API. > I propose to secure it using the popular [Apache Shiro > framework|https://shiro.apache.org/]. > I am using [Protecting JAX-RS Resources with RBAC and Apache > Shiro|https://stormpath.com/blog/protecting-jax-rs-resources-rbac-apache-shiro] > as a source of guidance. -- This message was sent by Atlassian Jira (v8.20.1#820001)