[
https://issues.apache.org/jira/browse/JAMES-4201?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
René Cordier resolved JAMES-4201.
---------------------------------
Fix Version/s: 3.10
Resolution: Done
> Webadmin Auth: tokens with basic right controls
> -----------------------------------------------
>
> Key: JAMES-4201
> URL: https://issues.apache.org/jira/browse/JAMES-4201
> Project: James Server
> Issue Type: Improvement
> Reporter: René Cordier
> Priority: Major
> Fix For: 3.10
>
> Time Spent: 50m
> Remaining Estimate: 0h
>
> Why: We wishes to only give limited power for day to day operation in order
> to prevent incidents.
> Non goal: build a complex right validation logic onto James.
> Ability to define bearer header:
> - With no rights to do `DELETE`
> - With only rights to do `GET`
> In `webadmin.properties`
> {code:java}
> # Everything
> password=aaaa,bbbb
> # Only GET
> password.readonly=xxx
> # No DELETE
> password.nodelete=zzz,yyy
> {code}
> Implement validation in the password filter.
> If any of `password*` property is specifying request MUST be authenticated.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
