[jira] [Created] (JAMES-4201) Webadmin Auth: tokens with basic right controls

Jira Thu, 09 Apr 2026 20:10:37 -0700

René Cordier created JAMES-4201:
-----------------------------------

             Summary: Webadmin Auth: tokens with basic right controls
                 Key: JAMES-4201
                 URL: https://issues.apache.org/jira/browse/JAMES-4201
             Project: James Server
          Issue Type: Improvement
            Reporter: René Cordier



Why: We wishes to only give limited power for day to day operation in order to 
prevent incidents.

Non goal: build a complex right validation logic onto James.

Ability to define bearer header:

 - With no rights to do `DELETE`
 - With only rights to do `GET`

In `webadmin.properties`

{code:java}
# Everything
password=aaaa,bbbb

# Only GET
password.readonly=xxx

# No DELETE
password.nodelete=zzz,yyy
{code}

Implement validation in the password filter. 
If any of `password*` property is specifying request MUST be authenticated.





--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Created] (JAMES-4201) Webadmin Auth: tokens with basic right controls

Reply via email to